[Openswan Users] Aggressive Mode with RSASig
mcr at sandelman.ottawa.on.ca
Wed Feb 16 12:17:35 CET 2005
-----BEGIN PGP SIGNED MESSAGE-----
Using certificates with aggressive mode is very poor network
engineering and poorer cryptographic configuration.
There is simply no reason to do so, as you can can easily use Main Mode
with rsa signatures. Asing aggressive mode simply opens you up to denial
of service attacks, for no purpose.
Certainly pluto should tolerate certificates in aggressive mode.
That is certainly a bug, I agree.
But again, it really is a very poor configuration.
] Michael Richardson Xelerance Corporation, Ottawa, ON | firewalls [
] mcr @ xelerance.com Now doing IPsec training, see |net architect[
] http://www.sandelman.ca/mcr/ www.xelerance.com/training/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Users