[Openswan Users] How to check the host identity ?

Bryan McAninch bryan at mcaninch.org
Wed May 18 10:22:06 CEST 2005


This is an inherent flaw with certificates. The only way to be certain is
to have the corresponding private key password encrypted with a symmetric
cipher (3DES, AES). This proves (to some extent) the person with the
certificate is authorized to use the certificate. This clearly demonstrates
the need to have private keys encrypted with a strong cipher / strong
password combo.

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of david
Sent: Wednesday, May 18, 2005 5:27 AM
To: users at openswan.org
Subject: [Openswan Users] How to check the host identity ?

Hi all,

I am testing a VPN using certificates.

Server ======== User

The server and the user have a certificate. The server accepts all
connections if it knows the CA which signed the certificate of the user.

How to check that the User is really the party the certificate was issued
to? (and not someone who has intercepted the certificate)

thx

david
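
Added example, not part of the original thread or of Openswan: a small audit that reports whether PEM private-key files are passphrase-encrypted and with which cipher, following the reply's recommendation of 3DES or AES. The function name audit_pem, the accepted-cipher prefixes and the sample key blocks (placeholder bodies, not real keys) are assumptions made for this illustration.

```python
import re

# Matches legacy ("RSA PRIVATE KEY") and PKCS#8 private-key PEM blocks.
PEM_BLOCK = re.compile(r"-----BEGIN ((?:[A-Z]+ )*PRIVATE KEY)-----\n(.*?)-----END \1-----", re.S)
# Assumption: the ciphers named in the reply (3DES, AES) as OpenSSL DEK-Info names.
STRONG_PREFIXES = ("DES-EDE3-", "AES-")

def audit_pem(text):
    """Return one (label, status) tuple per private-key block found in text."""
    findings = []
    for label, body in PEM_BLOCK.findall(text):
        if label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8 keeps the cipher inside the ASN.1 structure, not in a header.
            findings.append((label, "encrypted (PKCS#8)"))
            continue
        headers = dict(line.split(": ", 1) for line in body.splitlines() if ": " in line)
        if headers.get("Proc-Type") != "4,ENCRYPTED":
            findings.append((label, "UNENCRYPTED"))
            continue
        cipher = headers.get("DEK-Info", "").split(",")[0] or "unknown"
        verdict = "encrypted (%s)" if cipher.startswith(STRONG_PREFIXES) else "WEAK cipher (%s)"
        findings.append((label, verdict % cipher))
    return findings

# Constructed sample input: placeholder bodies, constructed IVs.
SAMPLE = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,0123456789ABCDEF

Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END RSA PRIVATE KEY-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END ENCRYPTED PRIVATE KEY-----
"""

if __name__ == "__main__":
    for label, status in audit_pem(SAMPLE):
        print("%-22s %s" % (label, status))
```

The check only reads PEM headers, so it says nothing about passphrase strength.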
