Firewall Wizards mailing list archives
Re: IPsec and firewalls
From: Aleph One <aleph1 () dfw dfw net>
Date: Sat, 7 Feb 1998 19:13:30 -0600 (CST)
On Sat, 7 Feb 1998 carson () tla org wrote:
> _Every_ authentication scheme relies on a trusted 3rd party of some sort. The only question is who is trusted, and when that trust must be validated. If you make your proxy/firewall/nat/whatever a trusted CA, you can proxy just about anything, including stripping ActiveX from HTTP over SSL sessions. I agree that it would be nice for this "trusted spoofing" or "friendly man in the middle" approach to be designed in rather than reverse-engineered.
Not necessarily. The typical example is that of users using a pseudonym. I may accept a key from them on our initial contact without verifying it with a trusted third party (as it is a pseudonym and there is not one to trust) yet every time after that I have their key and verify I was talking to the same person I was talking to the first time. In any case I will not always want to authenticate. I may just want to encrypt the session and a simple key exchange is all that is needed. No need to verify anything with a third party.
> -- Carson Gaspar -- carson () cs columbia edu carson () tla org carson () cugc org http://www.cs.columbia.edu/~carson/home.html Queen Trapped in a Butch Body
Aleph One / aleph1 () dfw net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
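Added example, not part of the original message: a sketch of the key-continuity check the reply describes, where a pseudonym's key is accepted unverified on first contact and every later contact must present the same key. The class name, the JSON pin file and the sample keys are assumptions made for illustration, and it assumes the session protocol has already proven the peer holds the matching private key.

```python
import hashlib
import hmac
import json
import os
import tempfile

class KeyContinuityStore:
    """Pin store: pseudonym -> SHA-256 fingerprint of the first key seen."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    def check(self, pseudonym: str, public_key: bytes) -> str:
        """Return 'first-contact', 'same-peer' or 'key-changed'."""
        seen = hashlib.sha256(public_key).hexdigest()
        pinned = self.pins.get(pseudonym)
        if pinned is None:
            # No third party to ask: pin whatever key arrives first.
            self.pins[pseudonym] = seen
            self._save()
            return "first-contact"
        if hmac.compare_digest(pinned, seen):
            return "same-peer"
        # Never overwrite a pin silently; a changed key needs a human decision.
        return "key-changed"

    def _save(self):
        # Write then rename so a crash cannot leave a truncated pin file.
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh)
        os.replace(tmp, self.path)

def demo():
    # Constructed sample keys; real input is the peer's encoded public key.
    key_a = b"constructed-public-key-A"
    key_b = b"constructed-public-key-B"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pins.json")
        store = KeyContinuityStore(path)
        results = [store.check("nym", key_a), store.check("nym", key_a)]
        # A fresh store reloading the file still enforces the pin.
        results.append(KeyContinuityStore(path).check("nym", key_b))
        results.append(KeyContinuityStore(path).check("nym", key_a))
    return results
```

The first contact remains the unprotected moment: whoever answers then is the identity that gets pinned.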