IETF Logo Mail Archive

Re: [Call-home] draft now posted; BoF?

Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de> Wed, 28 September 2005 05:53 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EKUsG-0002re-Li; Wed, 28 Sep 2005 01:53:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EKUsE-0002rL-TH for call-home@megatron.ietf.org; Wed, 28 Sep 2005 01:52:58 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA16335 for <call-home@ietf.org>; Wed, 28 Sep 2005 01:52:58 -0400 (EDT)
Received: from ia5f5.i.pppool.de ([85.73.165.245] helo=boskop.local) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EKUzc-0001I6-Lt for call-home@ietf.org; Wed, 28 Sep 2005 02:00:38 -0400
Received: by boskop.local (Postfix, from userid 501) id 4A60E445CCD; Tue, 27 Sep 2005 23:52:10 +0200 (CEST)
Date: Tue, 27 Sep 2005 23:52:10 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de>
To: Wes Hardaker <wes@hardakers.net>
Subject: Re: [Call-home] draft now posted; BoF?
Message-ID: <20050927215210.GA4997@boskop.local>
References: <4337FBB5.4010701@cisco.com> <20050926210654.GA3067@boskop.local> <43391200.1020806@cisco.com> <sdy85iocsw.fsf@wes.hardakers.net> <20050927143210.GB1586@boskop.local> <sdirwmgp7r.fsf@wes.hardakers.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <sdirwmgp7r.fsf@wes.hardakers.net>
User-Agent: Mutt/1.5.10i
X-Spam-Score: 0.6 (/)
X-Scan-Signature: de4f315c9369b71d7dd5909b42224370
Cc: call-home@ietf.org
X-BeenThere: call-home@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: j.schoenwaelder@iu-bremen.de
List-Id: "Discussion of issues relating to &quot; call home&quot; functionality and firewall traversal" <call-home.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/call-home>, <mailto:call-home-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/call-home>
List-Post: <mailto:call-home@ietf.org>
List-Help: <mailto:call-home-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/call-home>, <mailto:call-home-request@ietf.org?subject=subscribe>
Sender: call-home-bounces@ietf.org
Errors-To: call-home-bounces@ietf.org

On Tue, Sep 27, 2005 at 02:44:56PM -0700, Wes Hardaker wrote:
 
> I promise you that user/pass credentials are not sent until after the
> user verifies that it's talking to a server it trusts.  Asymmetric
> cryptography (X.509, eg) can be used independent of ordering but
> tacking on raw username and password through a negotiated tunnel can
> not.  To do anything else would allow for man in the middle.

Can you translate that into something I can understand? How can I
mount a man in the middle attack if the client/server roles are not
determined by who sent the first SYN?

/js

-- 
Juergen Schoenwaelder		    International University Bremen
<http://www.eecs.iu-bremen.de/>	    P.O. Box 750 561, 28725 Bremen, Germany

_______________________________________________
Call-home mailing list
Call-home@ietf.org
https://www1.ietf.org/mailman/listinfo/call-home

v2.23.0 | Report a Bug | By Email