opportunistic routers?
Robert Moskowitz
rgm at icsa.net
Thu Jul 1 13:07:38 EDT 1999
At 05:41 PM 6/30/99 -0400, Joseph S D Yao wrote:
>Rodney Thayer replied:
>> not if certificates are used, I think.
>>
>> At 08:31 PM 6/28/99 -0700, Ryan Russell wrote:
>...
>> >It should be noted that, unless there is a pre-shared piece of information
>> >(doesn't neccessarily have to be secret) ahead of time, the encryption
>> >will be subject to MITM attacks.
>
>Either the certificates are shared ahead of time, or they have to
>establish a common "certifier" who will certify them to each other.
>There has to be some basis of trust pre-established.
>
IKE, like S/MIME and TLS can pass certificates in-band. There then must be
a certificate validation process to establish cert turst.
But the discussion is Man in the Middle attacks and has nothing to do with
certifcate validation and in this case everything to do with public key
signing.
Robert Moskowitz
ICSA, Inc.
(248) 968-9809
Fax: (248) 968-2824
rgm at icsa.net
There's no limit to what can be accomplished
if it doesn't matter who gets the credit
****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com
The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/FAQ.html
We are currently experiencing "unsubscribe" difficulties. If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com
****************************************************************
More information about the VPN
mailing list