Subject: Re: IPSEC and user vs machine authentication
To: Bill Studenmund <wrstuden@NetBSD.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-net
Date: 08/17/2005 09:18:49

>>>>> "Bill" == Bill Studenmund <wrstuden@NetBSD.org> writes:
    Bill> I think that's dangerous as you have no reliable way to tell
    Bill> if the IPsec is end-to-end. So you open yourself up to MITM
    Bill> attacks where you establish IPsec with the attacker who in
    Bill> turn establishes it with the client.

  That's what channel bindings are for.

- -- 
] Michael Richardson          Xelerance Corporation, Ottawa, ON |  firewalls  [
] mcr @ xelerance.com           Now doing IPsec training, see   |net architect[
] http://www.sandelman.ca/mcr/    www.xelerance.com/training/   |device driver[
]                    I'm a dad: http://www.sandelman.ca/lrmr/                 [