[Openswan Users] Aggressive Mode with RSASig
Michael Richardson
mcr at sandelman.ottawa.on.ca
Wed Feb 16 12:17:35 CET 2005
-----BEGIN PGP SIGNED MESSAGE-----
Using certificates with aggressive mode is very poor network
engineering and poorer cryptographic configuration.
There is simply no reason to do so, as you can can easily use Main Mode
with rsa signatures. Asing aggressive mode simply opens you up to denial
of service attacks, for no purpose.
Certainly pluto should tolerate certificates in aggressive mode.
That is certainly a bug, I agree.
But again, it really is a very poor configuration.
- --
] Michael Richardson Xelerance Corporation, Ottawa, ON | firewalls [
] mcr @ xelerance.com Now doing IPsec training, see |net architect[
] http://www.sandelman.ca/mcr/ www.xelerance.com/training/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQhOALYqHRg3pndX9AQF8VwP/eUS1Z20PXhkhDAXK+H1JjrkM+NBes/oP
x7RGvXHnsDcpJ3bipdpKRjRnY/HuBuiNzn86NvvQd7s0bi+NXeBVocm4YeOyBmp8
G1Dznu0MLHXqeyVQ9JbNdB3A9qOPmfzt7uNWx7oYM58LmNi8jzZxKL1ReS3WUxaB
eCziCvbv928=
=KA8E
-----END PGP SIGNATURE-----
More information about the Users
mailing list