Security Basics mailing list archives

Re: IP authentication vs. Certificate authentication

From: Kevin Saenz <ksaenz () spinaweb com au>
Date: Tue, 04 Nov 2003 15:01:44 +1100

Been asked to provide a 1 pager of pros and cons around IP-based authentication
and certificate-based authentication.

I've stated that IP authentication is subject to a number of exploits within
the protocol such as IP spoofing, IP piggybacking, and that with certificate-based
authentication it can be used to provide proof of identity.

I don't know if what you mean IP piggybacking is the same as middle man
attacks, you have less of a chance of completing a middle man attack
with certificates unless they were watching the wire before connections
were initiated.

if you do a search for PKI on google you can also see some old
documentation on the 10 risks of PKI, then you could follow the
development process from there. See if the issues raised in that
document have been resolved.

Can anyone else come up with any other compelling reasons for or against
either one, in the context of IP vs. certificate authentication?

Assume anything you like, so be as broad or specific as you like. Any thoughts
gratefully accepted.

Netethix
Nigel Hedges
IT Security Consultant
Mobile: 0413 483 436
Email: netethix () iprimus com au



---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
----------------------------------------------------------------------------

-- 
Regards,

Kevin Saenz
 
Spinaweb
I.T consultants
 
Ph: 02 4620 5130
Fax: 02 4625 9243
Mobile: 0418455661
Web: http://www.spinaweb.com.au


---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------

Current thread:

IP authentication vs. Certificate authentication netethix (Nov 03)
- Re: IP authentication vs. Certificate authentication Francisco Andrades (Nov 03)
- Re: IP authentication vs. Certificate authentication Kevin Saenz (Nov 04)