Tero, On 13/02/15 13:04, Tero Kivinen wrote: > > If you want to protect against active attack you need policy which > will authenticate the other end and which do not allow any > unauthenticated unencrypted connections between peer.
I don't believe that is entirely true. With an s/protect against/prevent/ it would be true. Prevention is not the only form of protection. I wonder is that a source of some of the difficulty in getting to agreement about this. If one has protection against a passive attack and if that is used in almost all cases then that makes the cases where it is not used interesting, and possibly things to investigate. We saw exactly that pattern happen with an ISP that was causing SMTP/STARTTLS to fall back to cleartext recently. So passive protection is also some level of protection against active attacks that are easily spotted, such as those that cause a fallback to cleartext. (And in principle, with D-H used, there may be ways to detect that Alice and Bob have ended up with different shared secrets, though tcpinc is maybe the hardest cases for making that work. And that's another day's work anyway.) Cheers, S. _______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
