W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2007

Re: protocol support for intercepting proxies

From: Adrien de Croy <adrien@qbik.com>
Date: Tue, 19 Jun 2007 19:30:52 +1200
Message-ID: <4677862C.8020902@qbik.com>
To: Adrian Chadd <adrian@creative.net.au>
CC: HTTP Working Group <ietf-http-wg@w3.org>

Actually that proves my point.

this is an example of security problems inherent in low-level protocols 
being solved using high level protocols, e.g. SSL certificates, key 
exchange protocols etc.  All of which require the IP config to be 
working, which therefore already required DHCP to be working without 
auth.  So, it pretty much makes DHCP auth pointless.


Adrian Chadd wrote:
> On Tue, Jun 19, 2007, Adrien de Croy wrote:
>> ethernet (non IP) level key management / auth subsystem to auth DHCP.  
>> One that can cross subnets.  Since most routers are IP routers, ethernet 
>> level is a non-starter as well.  You really need an IP level or higher 
>> protocol for auth.
> Its not more difficult to setup than shared keys for WPA-PEAP IIRC.
> Group Profiles/Active Directory has already solved this problem for
> distributing authentication keys (at least in the Windows world.)
> (Not that this is a workable solution for -everyone-, but certainly
> in the corporate environments you're talking about..)
> Adrian

Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
Received on Tuesday, 19 June 2007 07:30:41 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:42 UTC