RE: Thoughts on identity attacks



Hi Paul,

I think the passive attack is the most important. Against an active attack,
it would be nice for the initiator's id to be protected in road-warrior
cases and the responder's id to be protected otherwise.

I don't agree with obfuscating the certificate contents as a means of
identity protection. The data in the certificate is there for a reason (at
least some of it).

William brought up a good point at the IETF, which is that even a cert
request for a specific CA can leak important information. A hacker could go
around looking for cert requests from a specific CA in order to target
employees from a specific company.

BTW, if you're wondering why your original posting didn't get many answers,
it's probably due to its length. For whatever reason, long/dense messages
tend to get fewer responses.

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.