Security Basics mailing list archives
Re: IP authentication vs. Certificate authentication
From: Kevin Saenz <ksaenz () spinaweb com au>
Date: Tue, 04 Nov 2003 15:01:44 +1100
Been asked to provide a 1 pager of pros and cons around IP-based authentication and certificate-based authentication. I've stated that IP authentication is subject to a number of exploits within the protocol such as IP spoofing, IP piggybacking, and that with certificate-based authentication it can be used to provide proof of identity.
I don't know if what you mean IP piggybacking is the same as middle man attacks, you have less of a chance of completing a middle man attack with certificates unless they were watching the wire before connections were initiated. if you do a search for PKI on google you can also see some old documentation on the 10 risks of PKI, then you could follow the development process from there. See if the issues raised in that document have been resolved.
Can anyone else come up with any other compelling reasons for or against either one, in the context of IP vs. certificate authentication? Assume anything you like, so be as broad or specific as you like. Any thoughts gratefully accepted. Netethix Nigel Hedges IT Security Consultant Mobile: 0413 483 436 Email: netethix () iprimus com au --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
-- Regards, Kevin Saenz Spinaweb I.T consultants Ph: 02 4620 5130 Fax: 02 4625 9243 Mobile: 0418455661 Web: http://www.spinaweb.com.au --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- IP authentication vs. Certificate authentication netethix (Nov 03)
- Re: IP authentication vs. Certificate authentication Francisco Andrades (Nov 03)
- Re: IP authentication vs. Certificate authentication Kevin Saenz (Nov 04)