[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pre-shared key v RSA encryption or RSA signature authentication modes

To: Stephen Kent <kent@bbn.com>, <andrew.krywaniuk@alcatel.com>
Subject: Re: pre-shared key v RSA encryption or RSA signature authentication modes
From: Uri Blumenthal <uri@bell-labs.com>
Date: Mon, 25 Mar 2002 12:06:28 -0500
Cc: ipsec@lists.tislabs.com
In-Reply-To: <p05100305b8c4fafbfbd8@[128.89.88.34]>
Organization: Lucent Technologies / Bell Labs
Original-Cc: <ipsec@lists.tislabs.com>
References: <005001c1d355$786a7c50$1e72788a@ca.alcatel.com> <p05100305b8c4fafbfbd8@[128.89.88.34]>
Reply-To: uri@bell-labs.com
Sender: owner-ipsec@lists.tislabs.com

On Monday 25 March 2002 11:08, Stephen Kent wrote:
> I'm glad you mentioned what I consider to be a significant downside
> of pre-shared secrets, although we come to very different
> conclusions.  It is not too hard to imagine an attack in which the
> initiator connects to the wrong address, e.g., via some form of DNS
> attack, and the fake responder collects the initiator's secret, then
> drops the connection. 

I thought this authentication method is YEARS gone?  A-la HTTP Basic 
Authentication?

Isn't practically everybody today using some form of challenge-response 
auth with pre-shared secrets? [real-life examples would be helpful.]
-- 
Regards,
Uri
-=-=-<>-=-=-
<Disclaimer>

Follow-Ups:
- Re: pre-shared key v RSA encryption or RSA signatureauthentication modes
  - From: Stephen Kent <kent@bbn.com>

References:
- RE: pre-shared key v RSA encryption or RSA signature authentication modes
  - From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>
- RE: pre-shared key v RSA encryption or RSA signatureauthentication modes
  - From: Stephen Kent <kent@bbn.com>

Prev by Date: RE: Move TS to optional (RE: Don't remove TS from IKEv2)
Next by Date: RE: pre-shared key v RSA encryption or RSA signature authentication modes
Prev by thread: RE: pre-shared key v RSA encryption or RSA signatureauthentication modes
Next by thread: Re: pre-shared key v RSA encryption or RSA signatureauthentication modes
Index(es):
- Date
- Thread