[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] IPsecurity theater

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] IPsecurity theater
From: coderman <coderman@xxxxxxxxx>
Date: Sat, 26 Nov 2005 07:35:34 -0800

On 11/26/05, Joachim Schipper <j.schipper@xxxxxxxxxx> wrote:
> I fully agree. But if you only want to accept traffic from trusted,
> authenticated sources, it's about as close to that as you can get.

what i'd like a key daemon to do:
- create or import a symmetric key database (hardware entropy++)
- for encrypted key databases prompt for authentication
- enter SA's according to key schedule associated with db
- invalidate used keys and securely delete them from db
you can assume that key distribution details are covered.

what i don't what it ever doing:
opening a public network socket and listening to unauthenticated
traffic (ISAKMP).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] IPsecurity theater
  - From: Joachim Schipper

References:
- [Full-disclosure] IPsecurity theater
  - From: coderman
- Re: [Full-disclosure] IPsecurity theater
  - From: Joachim Schipper
- Re: [Full-disclosure] IPsecurity theater
  - From: coderman
- Re: [Full-disclosure] IPsecurity theater
  - From: Joachim Schipper

Prev by Date: [Full-disclosure] lol, phc, lol b4b0, lol el8.
Next by Date: [Full-disclosure] PHC proudly presents ...
Previous by thread: Re: [Full-disclosure] IPsecurity theater
Next by thread: Re: [Full-disclosure] IPsecurity theater
Index(es):
- Date
- Thread