RE: Authentication Mechanism Matrix (was L2TP vs IPSEC)
>> OK, let me try another example. If I have a smartcard that has my key
>> pair, and my certificate, and I carry it around, and plug it into a
>> computer in an Internet Cafe, does that mean that now we are
>> authenticating the machine in the Internet Cafe!
>
>No. Here the machine is trusted implicitly. Any kiosk that I control
>(I'm a hypothetical evil entity) can abuse your card to secretly buy
>my Mom some flowers, in addition to completing your transaction.
>No crypto protocol helps here. This problem is out of our scope.
It seems the card holder trusted the machine; this does not imply
the recipient host should do likewise. Deere & Company would like very much
to have a high degree of assurance the machine is Deere owned and configured
prior to authorizing a connection. Something like a cert tied to a unique
characteristic of the machine?? Buying flowers is one thing, downloading
corporate secrets to a foreign system is another.
Charlie Finney
Technical Consultant
Deere & Company