[14402] in cryptography@c2.net mail archive
Re: anonymous DH & MITM
daemon@ATHENA.MIT.EDU (Tim Dierks)
Wed Oct 1 21:31:07 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 01 Oct 2003 19:23:08 -0400
To: M Taylor <mctylr@privacy.nb.ca>,
Cryptography list <cryptography@metzdowd.com>
From: Tim Dierks <tim@dierks.org>
In-Reply-To: <20031002000640.A7066@pull.privacy.nb.ca>
At 07:06 PM 10/1/2003, M Taylor wrote:
>Stupid question I'm sure, but does TLS's anonymous DH protect against
>man-in-the-middle attacks? If so, how? I cannot figure out how it would,
>and it would seem TLS would be wide open to abuse without MITM protection so
>I cannot imagine it would be acceptable practice without some form of
>security.
It does not, and most SSL/TLS implementations/installations do not support
anonymous DH in order to avoid this attack. Many wish that anon DH was more
broadly used as an intermediate security level between bare, insecure TCP &
authenticated TLS, but this is not common at this time.
(Of course, it's not even clear what MITM means for an "anonymous"
protocol, given that the layer in question makes no distinction between Bob
& Mallet.)
- Tim
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
