RE: Comments on CRACK
On Tue, 26 Oct 1999, Stephane Beaulieu wrote:
> Perhaps, although some have argued that this would be redundant. Admins
> would have to maintain 2 databases (SS+RADIUS).
> If we do feel that adding this restriction adds security, then shouldn't IKE
> do the same?
Although it's actually a policy decision, not to be mandated by the
protocols. So probably neither IKE nor xauth should mandate it, but maybe
could include a section on why this is Bad(tm)? Or maybe an information RFC
explaining the risks and why this is not a good idea?
> > -----Original Message-----
> > From: Moshe Litvin [mailto:firstname.lastname@example.org]
> > Sent: Tuesday, October 26, 1999 12:36 PM
> > To: Stephane Beaulieu
> > Cc: Dan Harkins; email@example.com; firstname.lastname@example.org
> > Subject: Re: Comments on CRACK
> > Stephane Beaulieu wrote:
> > <snip>
> > > However, I would like to hear everyone else's
> > > opinion on this. Should the use of pre-shared keys be restricted in XAUTH
> > > (or whatever other protocol) because it encourages the use of weak
> > > pre-shared keys?
> > >
> > > If there is consensus, pre-shared keys can be removed from XAUTH. I don't
> > > think that we have consensus at this point.
> > Maybe we can reach a consensus by forbidding group pre-shared keys?
> > Moshe
Jan Vilhuber email@example.com
Cisco Systems, San Jose (408) 527-0847