Hosnieh, CGA only protects against MITM attacks if the addresses are exchanged securely. Otherwise, you get the following situation:

* A wants to connect with B;
* The evil E convinces A that the address of B is X, a CGA address composed by E;
* Using CGA, A establishes a secure channel to X;
* Using CGA, E establishes a secure channel from X to B;

Voila, the connections are properly secured with CGA, yet E is in the middle.

-- Christian Huitema

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
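
The scenario in the message above, as an added example that is not part of the original post: a simplified CGA check in Python (Sec=0 outline of RFC 3972, with random bytes standing in for public keys). `Host`, `connect` and the `pinned` parameter are hypothetical names; the CGA check passes for E's address X, and the redirection is caught only when A compares against an address it obtained over an authenticated channel.

```python
import hashlib
import ipaddress
import os

PREFIX = bytes.fromhex("20010db800000000")  # 2001:db8::/64 documentation prefix (constructed)

def cga_address(pubkey, modifier, prefix=PREFIX):
    """Simplified CGA, Sec=0: interface ID = leftmost 64 bits of SHA-1(params)."""
    digest = hashlib.sha1(modifier + prefix + b"\x00" + pubkey).digest()
    iid = bytearray(digest[:8])
    iid[0] &= 0x1C  # zero the three Sec bits and the u/g bits
    return ipaddress.IPv6Address(prefix + bytes(iid))

def cga_verify(addr, pubkey, modifier):
    """Proves only that the key holder generated addr, not who that holder is."""
    return cga_address(pubkey, modifier, addr.packed[:8]) == addr

class Host:
    def __init__(self, name):
        self.name = name
        self.pubkey = os.urandom(64)    # stand-in for a real public key (assumption)
        self.modifier = os.urandom(16)
        self.addr = cga_address(self.pubkey, self.modifier)

def connect(lookup, peer_name, hosts_by_addr, pinned=None):
    """A resolves peer_name, then runs the CGA check on whatever address came back."""
    addr = lookup[peer_name]
    owner = hosts_by_addr[addr]
    if not cga_verify(addr, owner.pubkey, owner.modifier):
        return "rejected: CGA check failed"
    if pinned is not None and addr != pinned:
        return "rejected: address differs from the securely obtained one"
    return f"secure channel to {owner.name}"

def scenario():
    b, e = Host("B"), Host("E")
    hosts = {b.addr: b, e.addr: e}
    poisoned = {"B": e.addr}  # E has convinced A that B's address is X
    return (
        connect(poisoned, "B", hosts),                 # CGA alone
        connect(poisoned, "B", hosts, pinned=b.addr),  # address learned securely
        connect({"B": b.addr}, "B", hosts, pinned=b.addr),
        cga_verify(b.addr, e.pubkey, e.modifier),      # E claiming B's real address
    )

if __name__ == "__main__":
    print(scenario())
```

The last value shows what CGA does provide: E cannot claim B's real address with its own key, so the weak point is how A learns the address in the first place.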
