Joe Maimon <jmaimon@ttec.com> wrote:
Dont know what his requirements are, but the ability to allow any client in the world to authenticate to my server with any one of X secrets, thereby allowing me to associate them to client Y as opposed to client Z is very usefull wherever the IP address range describing the source of client Y and client Z might overlap.
Sure. But it's a fairly serious performance hit, and a bad idea from the security perspective.
This allows me to have specific configurations for this client, cancel service to only one of the "entities" and to upgrade/change the secret without requiring a flag-day event.
Hmm... that sounds like it's worth doing. The only problem is that this will really work only for packets that contain Message-Authenticator. Alan DeKok.