On Fri, Jul 11, 2008 at 05:08:39PM +0100, Dave Korn wrote:
>   It does sound a lot like "SSL/TLS without certs", ie. SSL/TLSweakened to
> make it vulnerable to MitM.  Then again, if no Joe Punter ever knows the
> difference between a real and spoofed cert, we're pretty much in the same
> situation anyway.

Note that this is not all that bad because many apps can do
authentication at the application layer, and if you add channel binding
then you can leave session crypto to IPsec while avoiding MITMs (they
get flushed by channel binding).

This is the premise of BTNS + connection latching.  W/o channel binding
it's better than nothing, though not much.  W/ channel binding it should
be much easier to deploy (beyond software updates) than plain IPsec with
similar security guarantees.

Nico
-- 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to