Re: Dynamic Addresses issue

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Dynamic Addresses issue

From:	Alec H. Peterson
Subject:	Re: Dynamic Addresses issue
Date:	Sun, 18 May 2003 21:45:43 -0600

--On Sunday, May 18, 2003 9:35 PM -0600 "Alec H. Peterson"<ahp@hilander.com> wrote:


It doesn't seem that it would be too hard to do, and as such I'm
considering just doing it myself, but first I'm curious if anybody thinks
there would be a security implication of doing this.  The way I see it,
trusting the public key is more secure than the current method of just
trusting the IP address, since somebody could hijack an IP address in the
dynamic range and insert an un-trusted key.

Note that I mean this trust is in place with the current implementation ofthe DynamicAddresses configuration directive, clearly when requiring boththe IP address and key to match the stored state optimal security isachieved.


Alec

[Prev in Thread]

Current Thread

[Next in Thread]

Dynamic Addresses issue, Alec H. Peterson, 2003/05/18
- Re: Dynamic Addresses issue, Alec H. Peterson <=
- Re: Dynamic Addresses issue, Alec H. Peterson, 2003/05/22

Prev by Date: Dynamic Addresses issue
Next by Date: Berkeley DB
Previous by thread: Dynamic Addresses issue
Next by thread: Re: Dynamic Addresses issue
Index(es):
- Date
- Thread