[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [IPSECKEY] Security Considerations



At Tue, 20 May 2003 17:51:22 -0400, Michael Richardson wrote:
> >>>>> "Jean-Jacques" == Jean-Jacques Puig <Jean-Jacques.Puig@int-evry.fr> writes:
>
>     >> An active attack against this record, were it not provided with end-
>     >> to-end integrity, would provide an opportunity for an attacker to
>     >> replace the keying material.
> 
>     Jean-Jacques> What about the gateway ? By providing his own gateway (with a suitable
>     Jean-Jacques> key or with an ipseckey rr for the gateway), wouldn't the attacker
>     Jean-Jacques> manage to reroute destination packets to him thanks to the tunnel ?
>     Jean-Jacques> Would this help to set up a MiM ?
> 
>   Yes, they could do that.
>   Does this need to be stated.

Yes.
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.