[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [IPSECKEY] Security Considerations
At Tue, 20 May 2003 17:51:22 -0400, Michael Richardson wrote:
> >>>>> "Jean-Jacques" == Jean-Jacques Puig <Jean-Jacques.Puig@int-evry.fr> writes:
>
> >> An active attack against this record, were it not provided with end-
> >> to-end integrity, would provide an opportunity for an attacker to
> >> replace the keying material.
>
> Jean-Jacques> What about the gateway ? By providing his own gateway (with a suitable
> Jean-Jacques> key or with an ipseckey rr for the gateway), wouldn't the attacker
> Jean-Jacques> manage to reroute destination packets to him thanks to the tunnel ?
> Jean-Jacques> Would this help to set up a MiM ?
>
> Yes, they could do that.
> Does this need to be stated.
Yes.
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.