On Tue, May 05, 2009 at 02:43:16PM -0700, Joe Touch wrote:
> Nicolas Williams wrote:
> > On Thu, Apr 23, 2009 at 04:15:59PM -0500, jb27 at cec.wustl.edu wrote:
> >> From section 4, BTNS protects security associations after they are
> >> established by reducing vulnerability to attacks from parties that are not
> >> participants in the association. Does this include MitM attacks?
> >
> > Yes.
>
> Agreed - *after* the BTNS association is established, it does protect
> from further MITM attacks.

I should clarify one more thing: BTNS protects against MITMs after the
initial exchange IFF either leap-of-faith (PAD updates) is done, and/or
connection-latching is used. If you do neither then you get no MITM
protection at all.

BTNS protects against MITMs in the initial connection IFF either
out-of-band authentication of peer ID is done, and/or in-band
authentication + channel binding is done. If you do neither then you get
no MITM protection on the initial connection.

Nico
--
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
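Added example, not from this thread or from any IETF or BTNS implementation: a toy Python model of the two conditions Nico names for MITM protection after the initial exchange, leap-of-faith PAD pinning and connection latching, run with each switched on or off. The names (Pad, Latch, scenario), the 5-tuple and the sample keys are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample values (not real key material or hosts)
ALICE_KEY = b"alice-pubkey-1"
MALLORY_KEY = b"mallory-pubkey"
FIVE_TUPLE = ("10.0.0.1", 40000, "10.0.0.2", 22, "tcp")


@dataclass
class Pad:
    """Toy Peer Authorization Database. With leap_of_faith=True the first
    unauthenticated key seen for a peer id is pinned (a PAD update) and later
    exchanges must present the same key; with it False every key is accepted."""
    leap_of_faith: bool = True
    pins: dict = field(default_factory=dict)

    def admit(self, peer_id: str, pubkey: bytes) -> str:
        if not self.leap_of_faith:
            return "accepted-unpinned"          # plain BTNS: nothing remembered
        seen = self.pins.get(peer_id)
        if seen is None:
            self.pins[peer_id] = pubkey         # leap of faith on first contact
            return "pinned"
        return "ok" if seen == pubkey else "mismatch"   # mismatch = possible MITM


@dataclass(frozen=True)
class Latch:
    """A ULP connection (5-tuple) latched to the SA peer key it started on."""
    five_tuple: tuple
    peer_pubkey: bytes


def packet_allowed(latch: Latch, sa_peer_pubkey: bytes) -> bool:
    """Connection latching: traffic for a latched connection is only accepted
    on an SA whose peer key equals the latched one; anything else is dropped."""
    return sa_peer_pubkey == latch.peer_pubkey


def scenario(leap_of_faith: bool, latching: bool) -> list:
    """Alice's host connects; on a later SA an interloper presents its own key."""
    pad = Pad(leap_of_faith=leap_of_faith)
    events = [pad.admit("alice", ALICE_KEY)]          # first, unauthenticated exchange
    latch = Latch(FIVE_TUPLE, ALICE_KEY) if latching else None
    events.append(pad.admit("alice", MALLORY_KEY))    # new SA carrying a different key
    if latch is None:
        events.append("unlatched-pass")               # no latch: packet accepted
    else:
        events.append("latch-drop" if not packet_allowed(latch, MALLORY_KEY) else "latch-pass")
    return events


if __name__ == "__main__":
    print(scenario(True, True))    # ['pinned', 'mismatch', 'latch-drop']
    print(scenario(False, False))  # ['accepted-unpinned', 'accepted-unpinned', 'unlatched-pass']
```

With both mechanisms off the second exchange is accepted and the packet passes, which is the "no MITM protection at all" case; either mechanism alone already flags or drops the interloper.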