[14401] in cryptography@c2.net mail archive
Re: anonymous DH & MITM
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Wed Oct 1 21:30:16 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: M Taylor <mctylr@privacy.nb.ca>
Cc: Cryptography list <cryptography@metzdowd.com>
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: 01 Oct 2003 16:27:20 -0700
In-Reply-To: <20031002000640.A7066@pull.privacy.nb.ca>
M Taylor <mctylr@privacy.nb.ca> writes:
> Stupid question I'm sure, but does TLS's anonymous DH protect against
> man-in-the-middle attacks? If so, how? I cannot figure out how it would,
> and it would seem TLS would be wide open to abuse without MITM protection so
> I cannot imagine it would be acceptable practice without some form of
> security.
It doesn't protect against MITM.
You could, however, use a static DH key and then client could
cache it as with SSH.
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
