Re: des instead of 3des
From: Luschinsky Vyacheslav (slavon@slavon.ru)
Date: 06/04/02
- In reply to: D. Cross [MS]: "Re: des instead of 3des"
From: "Luschinsky Vyacheslav" <slavon@slavon.ru> Date: Tue, 4 Jun 2002 08:31:01 +0400
To be more precise, I am referring to IKE negotiation. When I use pre-shared
keys I can use DES; when I use a certificate obtained from the MS CA, the DES
policy is not sent by the VPN client (Cisco VPN Client 3.5) through IKE as one
of the possible choices and therefore is not matched by the VPN server (PIX 6.0).
So if the cert server has nothing to do with it, the question may sound like
this: why may VPN software have different policies when using different kinds
of authentication (pre-shared key or certificate)? Do you think it is a problem
of the Cisco software?
> The certificates have nothing to do with DES/3DES. Symmetric algorithm
> information is not contained within the x.509 certificate issued by the
> MSFT CA.
>
> I think you are referring to the VPN software itself - in that case 3DES is
> only supported by Windows XP clients (has nothing to do with the CA you are
> using). You can use 3DES with IPSEC in Windows XP, by turning it on through
> group policy.
>
> --
>
> David B. Cross [MS]
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Luschinsky Vyacheslav" <slavon@slavon.ru> wrote in message
> news:adfd27$srd$1@news.sovam.com...
> > I don't need strong protection. I just need other than password-protected
> > entrance to local network. VPN with certificate auth will just do.
> >
> > "David Dickinson [MVP]" <eis@no-spam.softhome.net> wrote in message
> > news:eV6x2ztCCHA.824@tkmsftngp05...
> > > Luschinsky Vyacheslav wrote:
> > > > I have w2k server sp2 and certificate services installed.
> > > > Certificates that are issued by it allow only 3des encryption that is
> > > > not supported by other side. Can I make server issue certs for des
> > > > encryption?
> > >
> > > Can you update the other side? DES is not secure. It takes less than a
> > > day to break it.
> > >
> > > --
> > > David Dickinson, MVP (Security)
> > > EveningStar Information Services
> > > Las Cruces, NM USA
> > >
> > > Summary of Microsoft Security Bulletins
> > > http://www.zianet.com/bwd/securitybulletins.asp
> > >
> > >
> > >
> >
> >
>
>
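The mismatch described at the top of this message, modeled as an added example (not part of the original thread and not Cisco's code): an IKE phase 1 responder accepts a transform only if encryption, hash, authentication method and DH group all match one of its own policies. The offer lists and responder policies below are constructed to mirror the poster's observation, not captured from a real client or PIX.

```python
from typing import List, NamedTuple, Optional

class Transform(NamedTuple):
    """One IKE phase 1 transform; every attribute must match to be accepted."""
    encryption: str   # "des" or "3des"
    hash: str         # "md5" or "sha"
    auth: str         # "pre-share" or "rsa-sig"
    dh_group: int

def client_offer(auth: str) -> List[Transform]:
    """Constructed initiator offer: DES is only included for pre-shared keys,
    as the poster observed (assumption, not real client output)."""
    ciphers = ["3des", "des"] if auth == "pre-share" else ["3des"]
    return [Transform(c, h, auth, g)
            for c in ciphers for h in ("sha", "md5") for g in (2, 1)]

# Constructed responder configuration: a DES-only server with one policy
# per authentication method, listed in priority order.
RESPONDER_POLICIES = [
    Transform("des", "md5", "rsa-sig", 1),
    Transform("des", "md5", "pre-share", 1),
]

def select_transform(offered: List[Transform],
                     policies: List[Transform]) -> Optional[Transform]:
    """Return the highest-priority responder policy found in the offer,
    or None when negotiation fails (no proposal chosen)."""
    for policy in policies:
        if policy in offered:
            return policy
    return None

def closest_mismatch(offered: List[Transform], policy: Transform) -> List[str]:
    """Attributes on which the nearest offered transform differs from the
    policy; useful for seeing why a negotiation failed."""
    def diff(t: Transform) -> List[str]:
        return [f for f in Transform._fields if getattr(t, f) != getattr(policy, f)]
    return min((diff(t) for t in offered), key=len)

if __name__ == "__main__":
    for auth in ("pre-share", "rsa-sig"):
        chosen = select_transform(client_offer(auth), RESPONDER_POLICIES)
        print(auth, "->", chosen or "no proposal chosen")
    print("cert auth fails on:",
          closest_mismatch(client_offer("rsa-sig"), RESPONDER_POLICIES[0]))
```

Comparing the transform list in an IKE debug trace on each side against the responder's configured policies is the equivalent check on real equipment.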