Re: [Openvpn-users] Protecting against MITM with '--ns-cert-type'


  • Subject: Re: [Openvpn-users] Protecting against MITM with '--ns-cert-type'
  • From: Denis Jedig <dj@xxxxxxxxxxxx>
  • Date: Tue, 6 Mar 2007 17:07:15 +0100

On Tue, 6 Mar 2007 12:25:03 +0100 Michael wrote:

> If they indeed already have that, then I don't see the logic behind
> statements like 'ns-cert-type and/or tls-remote can protect against
> an MITM attack'.

I believe the idea is to enable the VPN administrator to create more than
one OpenVPN server (e.g. in a failover setup) with dissimilar names.
tls-remote will only accept a single label and will use it as a substring
match against the CN provided in the certificate.

-- 
Denis Jedig
syneticon networks GbR             http://syneticon.net/service/

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users