diff options
Diffstat (limited to 'testing/tests/ikev2/rw-sig-auth/description.txt')
| -rw-r--r-- | testing/tests/ikev2/rw-sig-auth/description.txt | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/testing/tests/ikev2/rw-sig-auth/description.txt b/testing/tests/ikev2/rw-sig-auth/description.txt new file mode 100644 index 000000000..569d7e054 --- /dev/null +++ b/testing/tests/ikev2/rw-sig-auth/description.txt @@ -0,0 +1,10 @@ +The roadwarriors <b>carol</b> an <b>dave</b> set up a connection to gateway +<b>moon</b>. They authenticate themselves using <b>RSA signatures</b> but +they use different hash algorithms. <b>moon</b> uses signature scheme constraints +to only allow access to the <b>research</b> and <b>accounting</b> subnets if +specific algorithms are used. <b>Note:</b> Because the client certificate's are signed +with SHA-256 we have to accept that algorithm too because signature schemes in +<b>rightauth</b> are also used as constraints for the whole certificate chain. +Therefore, <b>carol</b> obtains access to the <b>research</b> subnet behind gateway +<b>moon</b> whereas <b>dave</b> has access to the <b>accounting</b> subnet, but not +vice-versa. |