[Cryptography] IKE/ISAKMP/IPsec complexity by design
jamesd at echeque.com
Wed Oct 3 18:29:49 EDT 2018
On 2018-10-04 06:57, Florian Weimer wrote:
> I have yet to see a large-scale IPsec deployment where users cannot
> attack each other by impersonating the gateway.
>
> Of course, that's not the fault of the IPsec protocol as standardized
> by the IETF because the IETF refused to cover that use case.

I would phrase it slightly differently:

The IETF refused to cover the connection between cryptographic public
keys (Zooko global identifiers) and human readable names.

And as a result, there is no clear way for the end user to know if his
software is using the correct cryptographic key.