File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / testing / tests / ikev2 / rw-sig-auth / description.txt
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Wed Jun 3 09:46:47 2020 UTC (4 years, 5 months ago) by misho
Branches: strongswan, MAIN
CVS tags: v5_9_2p0, v5_8_4p7, HEAD
Strongswan

The roadwarriors <b>carol</b> an <b>dave</b> set up a connection to gateway
<b>moon</b>. They authenticate themselves using <b>RSA signatures</b> but
they use different hash algorithms. <b>moon</b> uses signature scheme constraints
to only allow access to the <b>research</b> and <b>accounting</b> subnets if
specific algorithms are used. <b>Note:</b> Because the client certificate's are signed
with SHA-256 we have to accept that algorithm too because signature schemes in
<b>rightauth</b> are also used as constraints for the whole certificate chain.
Therefore, <b>carol</b> obtains access to the <b>research</b> subnet behind gateway
<b>moon</b> whereas <b>dave</b> has access to the <b>accounting</b> subnet, but not
vice-versa.

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>