[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI: identity protection and DOS

To: "david chen" <ietf_davidchen@hotmail.com>
Subject: Re: SOI: identity protection and DOS
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Tue, 27 Nov 2001 19:39:42 -0500
Cc: "Paul Hoffman / VPNC" <paul.hoffman@vpnc.org>, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

In message <OE20dgLXZ3lV3Rr4Ygc00005184@hotmail.com>, "david chen" writes:
>The very reason to certify a public key is that
> if the key is not 'public' enough than it is subject to MIM attack.
>
>Self-signed cert is subject to MIM attack unless...
>then why we need public/private key.

You misunderstand.  I'm suggesting that whatever secure channel could 
be used to share a symmetric key could be used to share a public key.  
If you can't trust that channel, you can't use pre-shared secrets, 
either.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com

Follow-Ups:

Re: SOI: identity protection and DOS

From: Derek Atkins <warlord@mit.edu>

Re: SOI: identity protection and DOS

From: "david chen" <ietf_davidchen@hotmail.com>

Prev by Date: Re: SOI: identity protection and DOS
Next by Date: Re: SOI: identity protection and DOS
Prev by thread: Re: SOI: identity protection and DOS
Next by thread: Re: SOI: identity protection and DOS
Index(es):
- Main
- Thread