> On Oct 16, 2013, at 8:23 AM, Stephen Kent <[email protected]> wrote:
>
>> One reason is that these e-mail access protocols are used in enterprise environments where passive wiretapping is often not considered a viable attack.
>
> As someone who remembers the switch to Kerberos and then SSH driven by password sniffers in the LAN, including one which got my own password back in the day, I find this assumption grossly unrealistic.

That used to be a valid concern. I'm not sure why, but it seems to be less of a concern today. Maybe use of VLANs, better switch management, ...

> You have to REALLY lock down the LAN, including properly configuring high-end switches with ARP filtering and/or other layer 3 management, for this assumption to be even remotely plausible.

OK.

> Finally, we must consider passive wiretapping an active attack. The only thing which prevents a passive wiretap from modifying (rather than just monitoring) traffic is almost invariably the will of the attacker, not any technical limitation, since even on-path wiretappers can packet inject, allowing the attacker to trivially promote themselves into a MitM situation in almost all circumstances.

I don't agree that we should ignore the differences between passive and active wiretapping. I do agree that passive wiretapping can be augmented with active attacks of various sorts. It's not just the "will" of the attacker that matters; it's also the capabilities of the attacker and their sensitivity to being detected.

Steve
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
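The thread above turns on whether a LAN can be "locked down" with ARP filtering and on the point that a LAN sniffer can promote itself to an active position. The defender's complement to switch-level ARP filtering is host- or sensor-side ARP monitoring of the kind arpwatch-style tools do: record the IP-to-MAC binding each ARP reply asserts and raise an alert when a binding changes or when one MAC starts answering for several IPs, which is exactly the footprint an on-path host leaves when it moves from monitoring to interposing. The following is an added example written for this page, not code from any participant in the thread or from any tool they mention; the `SAMPLE_ARP_REPLIES` list is constructed, and the pinned gateway address and the "more than one IP per MAC" rule are assumptions chosen for illustration (a router or a virtualisation host can legitimately answer for several IPs, so in practice such MACs would be pinned too).

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample of ARP replies as a LAN sensor would see them:
# (timestamp, sender_ip, sender_mac). The last two entries show the gateway's
# IP and then a workstation's IP being claimed by a MAC that never owned them.
SAMPLE_ARP_REPLIES: List[Tuple[float, str, str]] = [
    (1.0, "10.0.0.1", "00:11:22:33:44:01"),   # gateway (assumed address)
    (1.5, "10.0.0.20", "00:11:22:33:44:20"),
    (2.0, "10.0.0.21", "00:11:22:33:44:21"),
    (9.0, "10.0.0.1", "00:11:22:33:44:01"),   # gateway again, binding unchanged
    (9.5, "10.0.0.1", "de:ad:be:ef:00:99"),   # gateway IP claimed by another MAC
    (9.6, "10.0.0.20", "de:ad:be:ef:00:99"),  # same MAC also claims a host's IP
]

REASON_PINNED = "conflicts with pinned entry"
REASON_CHANGED = "binding changed"
REASON_MULTI_IP = "one MAC answers for multiple IPs"


@dataclass
class Alert:
    time: float
    ip: str
    old_mac: str
    new_mac: str
    reason: str


class ArpWatch:
    """Track observed IP->MAC bindings and record an Alert on every anomaly.

    `static` pins IPs (typically the gateway) to an expected MAC; a reply that
    contradicts a pinned entry is reported and never overwrites the table.
    """

    def __init__(self, static: Optional[Dict[str, str]] = None) -> None:
        self.static: Dict[str, str] = {ip: mac.lower() for ip, mac in (static or {}).items()}
        self.table: Dict[str, str] = {}            # learned IP -> MAC
        self.ips_per_mac: Dict[str, Set[str]] = {} # MAC -> set of IPs it has claimed
        self.alerts: List[Alert] = []

    def observe(self, ts: float, ip: str, mac: str) -> None:
        mac = mac.lower()

        # Rule 1: a single MAC claiming several IPs (pinned MACs are exempt,
        # since routers legitimately answer for more than one address).
        claimed = self.ips_per_mac.setdefault(mac, set())
        claimed.add(ip)
        if len(claimed) > 1 and mac not in self.static.values():
            self.alerts.append(Alert(ts, ip, "", mac, REASON_MULTI_IP))

        # Rule 2: a reply contradicting a pinned binding is always reported
        # and is never allowed to replace the pinned value.
        if ip in self.static and mac != self.static[ip]:
            self.alerts.append(Alert(ts, ip, self.static[ip], mac, REASON_PINNED))
            return

        # Rule 3: a learned binding that changes is reported, then updated,
        # so a later flip back is reported as well.
        prev = self.table.get(ip)
        if prev is None:
            self.table[ip] = mac
        elif prev != mac:
            self.alerts.append(Alert(ts, ip, prev, mac, REASON_CHANGED))
            self.table[ip] = mac


def run(replies: List[Tuple[float, str, str]], static: Optional[Dict[str, str]] = None) -> List[Alert]:
    """Feed a sequence of ARP replies through ArpWatch and return the alerts."""
    watch = ArpWatch(static)
    for ts, ip, mac in replies:
        watch.observe(ts, ip, mac)
    return watch.alerts


if __name__ == "__main__":
    for a in run(SAMPLE_ARP_REPLIES, static={"10.0.0.1": "00:11:22:33:44:01"}):
        print(f"t={a.time:<5} {a.ip:<10} {a.old_mac or '-':<18} -> {a.new_mac:<18} {a.reason}")
```

Run as-is, the sample produces three alerts: the pinned-gateway conflict at t=9.5, then at t=9.6 both the multiple-IP rule and the changed binding for 10.0.0.20. Without the pinned entry the first event is still caught, but only as a generic binding change, which is why pinning the gateway is worth the small configuration cost. Feeding the monitor the first four replies only produces nothing, so the baseline is quiet.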