[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Public Keys to initiate IPsec.
Stephen Kent writes:
> This sounds like a problem re using IPsec. After establishing an SA,
> we check inbound traffic on the SA (from the peer) to make sure it is
> consistent with the parameters for the SA. We can check only the 5
> fields that are defined as traffic selectors. So, you could be
> spoofed by a peer who authenticates as one MGCP endpoint ID, then
> sends a message with a different MGCP name in the MCGP message. This
> is outside the realm of what IPsec can do for you. You would have to
> remember the MGCP name from the SA establishment for later
> application layer checking, and there is no standard interface that
> passes that info to your application.
This is why I keep saying that it would be rilly,
rilly nice to have this interface from the kernel
(ideally, but could be with the keying daemon
too). Nor do I see this as "outside" of what IPsec
can do for you in the sense you seem to be using
"outside". It's a missing feature on what my
kernel/key daemon can do for me. There's nothing
*wrong* with sending the credentials associated
with a particular message up the stack.
I'm just about ornery enough hack this into our
Altiga shim just to prove it can be done and is --
ta da -- useful for all of the reasons that Eric
brought up.
Mike