On Tue, Jan 27, 2004 at 12:37:03PM +1100, Daniel Carosone wrote:
> On Sat, Jan 24, 2004 at 08:33:53PM -0800, Wolfgang S. Rupprecht wrote:
> > hopefully followed by them reaming Cisco a new one.
> 
> Regardless of exactly what your euphemism really refers to, they'd be
> the first to succeed, though not to try, over this issue.
> 
> Security-conscious corporates work around the problem by using
> certificates or one-time-password tokens, whether or not they're

It's important to understand that the use of one-time-password tokens
does not really address the underlying security issue; it merely
prevents the compromise of the user account from lasting indefinitely.
Any user can *still* impersonate the server, steal another user's OTP
token, and impersonate him to the real server, MITMing all of his traffic
(or just failing his IKE session so he goes away and leaves the attacker
to do his thing).

IKE with a preshared key shared between more than two parties is simply
not secure.  There is no way you can make it secure; its misuse with XAUTH
is just particularly nasty.

Thor