[Openswan Users] Aggressive Mode with RSASig

Sascha.Grau at Stud.Tu-Ilmenau.De Sascha.Grau at Stud.Tu-Ilmenau.De
Wed Feb 16 18:42:40 CET 2005


> Using certificates with aggressive mode is very poor network 
> engineering and poorer cryptographic configuration.
> 
> There is simply no reason to do so, as you can can easily use Main Mode
> with rsa signatures.  Asing aggressive mode simply opens you up to denial
> of service attacks, for no purpose.
> 
> Certainly pluto should tolerate certificates in aggressive mode.
> That is certainly a bug, I agree.
> But again, it really is a very poor configuration.

I got paid here for doing some interoperability tests and that's what i did. Independently , if i
would use it (which i would not), it is a standardized configuration, so it was tested and Openswan
failed. That's it.

Sascha Grau






More information about the Users mailing list