[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Man in the middle attack (draft-kaufman-ipsec-improveike-00.txt)?
I'm sure I've missed something.
In section 7 (main mode with pre-shared keys), isn't
Alice's identity susceptible to a man-in-the-middle
attack?
Could Mallory impersonate Bob for the first two pairs
of messages, use the Diffie-Hellman key to learn Alice's
identity, and then not finish the protocol? (Of course,
since Mallory doesn't know the pre-shared secret, he
can't fix up the third message to relay it to Bob even
with knowledge of Alice's identity.)
- Ken