[Openswan Users] Aggressive Mode with RSASig
Sascha.Grau at Stud.Tu-Ilmenau.De
Sascha.Grau at Stud.Tu-Ilmenau.De
Wed Feb 16 18:42:40 CET 2005
> Using certificates with aggressive mode is very poor network
> engineering and poorer cryptographic configuration.
>
> There is simply no reason to do so, as you can can easily use Main Mode
> with rsa signatures. Asing aggressive mode simply opens you up to denial
> of service attacks, for no purpose.
>
> Certainly pluto should tolerate certificates in aggressive mode.
> That is certainly a bug, I agree.
> But again, it really is a very poor configuration.
I got paid here for doing some interoperability tests and that's what i did. Independently , if i
would use it (which i would not), it is a standardized configuration, so it was tested and Openswan
failed. That's it.
Sascha Grau
More information about the Users
mailing list