Security Incidents mailing list archives
Re: isakmp before smtp?
From: Steffen Dettmer <steffen () dett de>
Date: Wed, 13 Sep 2000 10:48:07 +0200
* Valdis Kletnieks wrote on Tue, Sep 12, 2000 at 09:49 -0400:
> On Mon, 11 Sep 2000 18:04:29 CDT, Frank Knobbe <FKnobbe () KNOBBEITS COM> said:
>
> The basic trick here is "Diffie-Hellman key exchange".
> [...]
> If you're only worried about confidentiality (to prevent eavesdropping)
> you can use Diffie-Hellman to exchange a session key to use for
> encrypting the session. If you're worried about authentication too, you
> STILL want to use DH first, to set up a secure connection for key
> exchange,
> [...]
> Basic summary: For confidentiality, *no* pre-arranged keying is needed.
> For authentication, you need either a public/private key pair or a
> shared secret.

I think encryption without authentication makes only little sense, since it should be possible for an attacker to connect as if it were authorized and so the attacker would get the data she's interested in, ain't?

So the attacker could spoof the real target of the encryption tunnel, and nothing would detect this (man-in-the-middle attack).

So I would summarize: For confidentiality, authentication is needed.

Please correct me if I'm wrong.

oki,

Steffen

--
This letter was generated by machine and therefore bears neither signature nor seal.
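Added example, not part of the original message: a simulated Diffie-Hellman exchange showing that the key agreement alone gives each side a key even when the public values were substituted in transit, while a tag computed under a pre-arranged shared secret over both public values exposes the substitution. The toy group `P`/`G` and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): far too small for real use.
P = 2**127 - 1          # a Mersenne prime
G = 3

def keypair():
    x = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return x, pow(G, x, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)           # g^(ab) mod p
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(psk, sender_pub, receiver_pub):
    """HMAC under the shared secret over both public values, sender's first."""
    msg = sender_pub.to_bytes(16, "big") + receiver_pub.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def exchange(psk_a, psk_b, interposer=False):
    """Simulate one exchange; returns (keys_match, a_accepts, b_accepts)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_a, seen_by_b = b_pub, a_pub       # what arrives at each side
    if interposer:
        # A party on the path replaces both public values with its own.
        _, m_pub = keypair()
        seen_by_a = seen_by_b = m_pub
    # Unauthenticated DH: both sides derive *a* key and see no error either way.
    k_a = session_key(a_priv, seen_by_a)
    k_b = session_key(b_priv, seen_by_b)
    # Authentication: each side tags (own public value, peer value as received).
    # Without the shared secret the interposer cannot produce a matching tag,
    # so the simulation delivers the tags unchanged.
    a_tag = tag(psk_a, a_pub, seen_by_a)
    b_tag = tag(psk_b, b_pub, seen_by_b)
    # Each side recomputes the peer's tag from its own view of the exchange.
    a_accepts = hmac.compare_digest(b_tag, tag(psk_a, seen_by_a, a_pub))
    b_accepts = hmac.compare_digest(a_tag, tag(psk_b, seen_by_b, b_pub))
    return k_a == k_b, a_accepts, b_accepts

if __name__ == "__main__":
    psk = b"constructed-shared-secret"         # constructed sample value
    print("clean path:     ", exchange(psk, psk))
    print("substituted keys:", exchange(psk, psk, interposer=True))
```

In the substituted run the two session keys differ and both tag checks fail; drop the tag check and neither endpoint has any signal that it is keyed with someone other than its intended peer.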