[16482] in cryptography@c2.net mail archive
Re: SSL/TLS passive sniffing
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Wed Dec 1 01:50:06 2004
X-Original-To: cryptography@metzdowd.com
To: iang@systemics.com
Cc: "Ben Nagy" <bnagy@eeye.com>, cryptography@metzdowd.com
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 30 Nov 2004 21:55:40 -0800
In-Reply-To: <3417.82.70.142.134.1101834434.squirrel@82.70.142.134> (Ian
Grigg's message of "Tue, 30 Nov 2004 12:07:14 -0500 (EST)")
"Ian Grigg" <iang@systemics.com> writes:
>> There was some question about whether this is possible for connections that
>> use client-certs, since it looks to me from the spec that those connections
>> should be using one of the Diffie Hellman cipher suites, which is obviously
>> not vulnerable to a passive sniffing 'attack'. Active 'attacks' will
>> obviously still work. Bear in mind that we're talking about deliberate
>> undermining of the SSL connection by organisations, usually against their
>> website users (without talking about the goodness, badness or legality of
>> that), so "how do they get the private keys" isn't relevant.
>
> I note that distinction well! Certificate based systems
> are totally vulnerable to a passive sniffing attack if the
> attacker can get the key. Whereas Diffie Hellman is not,
> on the face of it. Very curious...
Not necessarily. For instance, IPsec uses certificates to authenticate
DH keys, so they're not vulnerable to this kind of attack. As I noted,
SSL also has a similar mode.
-Ekr
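The distinction drawn in the reply above, as an added example that is not part of the original message: it contrasts a key exchange where the certificate key encrypts the session secret with one where the certificate key only signs an ephemeral DH value, and checks what a recorder holding that private key obtains from the wire. All parameters and function names are constructed for illustration (toy key sizes, textbook RSA without padding).

```python
import hashlib
import secrets

# Constructed toy parameters (Mersenne primes); far too small for real use.
RSA_P, RSA_Q, E = 2**31 - 1, 2**61 - 1, 65537
N = RSA_P * RSA_Q
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))   # server's long-term private key
DH_P, DH_G = 2**127 - 1, 3                  # toy DH group, assumed for the demo

def _digest(value):
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % N

def sign(value):
    """Textbook RSA signature (no padding) with the certificate key."""
    return pow(_digest(value), D, N)

def verify(value, sig):
    return pow(sig, E, N) == _digest(value)

def rsa_key_transport():
    """Client picks the session secret and encrypts it to the certificate key."""
    secret = secrets.randbelow(N - 2) + 2
    return secret, {"encrypted_secret": pow(secret, E, N)}

def signed_ephemeral_dh():
    """Certificate key only signs the server's ephemeral DH value."""
    a = secrets.randbelow(DH_P - 2) + 1     # client ephemeral, never sent
    b = secrets.randbelow(DH_P - 2) + 1     # server ephemeral, never sent
    client_pub, server_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    secret = pow(server_pub, a, DH_P)
    assert secret == pow(client_pub, b, DH_P)   # both ends agree
    wire = {"client_pub": client_pub, "server_pub": server_pub,
            "server_sig": sign(server_pub)}
    return secret, wire

def private_key_view(wire):
    """Everything the long-term private key yields from recorded wire values."""
    return {pow(v % N, D, N) for v in wire.values()}

if __name__ == "__main__":
    for name, run in (("RSA key transport", rsa_key_transport),
                      ("signed ephemeral DH", signed_ephemeral_dh)):
        secret, wire = run()
        print(name, "-> secret exposed to key holder:", secret in private_key_view(wire))
```

In the DH run the private key appears only in the signature over the server's ephemeral value, so holding it gives a recorder nothing toward the shared secret; the ephemeral exponents never cross the wire.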