RE: DH-CHAP

To: Julian_Satran@il.ibm.com
Subject: RE: DH-CHAP
From: Black_David@emc.com
Date: Fri, 12 Apr 2002 15:42:50 -0400
Cc: ips@ece.cmu.edu
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

Julian,

> DH-CHAP (or should I call it DB-CHAP?)  used for bilateral authentication
as 2
> exchanges besides not "synchronizing" authentication is even more exposed
to
> active attack than CHAP.

Call it "Oscar" if you like, I don't care ... :-).

I don't understand either the 'not "synchronizing" authentication' or the
"even more exposed to active attack than CHAP" comment.  For the latter
comment, Section 6.3 of the draft explains how DH-CHAP protects against
an active man-in-the-middle attack on a Responder that CHAP cannot prevent.
Could you explain?

Thanks,
--David
---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 249-6449 *NEW*      FAX: +1 (508) 497-8500
black_david@emc.com         Cell: +1 (978) 394-7754
---------------------------------------------------

Prev by Date: Re: iscsi : Rev 11-94
Next by Date: sexyy Screen Saver
Prev by thread: RE: DH-CHAP
Next by thread: Re: DH-CHAP
Index(es):
- Date
- Thread

Home

Last updated: Fri Apr 12 19:18:22 2002
9642 messages in chronological order