Re: I can't understand IKE Authentication!



Thanks Gaurav,
but:
Authentication occurs at Steps 5 and 6 in IKE-Main-Mode-Negotiations, and
just before it the DH-Exchange is done with the Man-In-The-Middle.
The main problem is that the Principals don't have any
Identification-parameters from each other except the Peer-IP-Address, so
what prevents the Man-In-The-Middle from introducing himself as a valid
principal?

In Kerberos, Tickets bind to the Peer-IP-Address; also in PSK, only the real
principals have the Shared-Key. But in the certificate, what field relates
the certificate to the Peer-IP-Address?
We have only the Peer-IP-Address as a valid parameter for communication and not
the Name or other things!

