[16488] in cryptography@c2.net mail archive


RE: SSL/TLS passive sniffing

daemon@ATHENA.MIT.EDU (ben@iagu.net)
Wed Dec 1 11:47:42 2004

X-Original-To: cryptography@metzdowd.com
From: ben@iagu.net
To: "'EKR'" <ekr@rtfm.com>
Cc: <cryptography@metzdowd.com>
Date: Wed, 1 Dec 2004 09:28:44 +0100
In-Reply-To: <kjoehesglb.fsf@romeo.rtfm.com>

> -----Original Message-----
> From: Eric Rescorla [mailto:ekr@rtfm.com] 
> Sent: Wednesday, December 01, 2004 7:01 AM
> To: iang@systemics.com
> Cc: Ben Nagy; cryptography@metzdowd.com
> Subject: Re: SSL/TLS passive sniffing
> 
> "Ian Grigg" <iang@systemics.com> writes:
[...]
> > However could one do a Diffie Hellman key exchange and do this
> > under the protection of the public key? [...]
> 
> Uh, you've just described the ephemeral DH mode that IPsec
> always uses and SSL provides.
> 
> Try googling for "station to station protocol"
> 
> -Ekr

Riiiiight. And my original question was, why can't we do that one-sided with
SSL, even without a certificate at the client end? In what ways would that
be inferior to the current RSA suites where the client encrypts the PMS
under the server's public key?

Eric's answer seems to make the most sense - I guess generating the DH
exponent and signing it once per connection server-side would be a larger
performance hit than I first thought, and no clients care.

Thanks for all the answers, on and off list. ;)

Cheers,

ben



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
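
The two key-exchange styles compared in this thread, as an added example that is not part of the original message: RSA key transport of the PMS versus a server-signed ephemeral DH exchange with no client certificate, and what a recorded session yields if the server's RSA private key leaks later. The parameters are toy values constructed for the example (small Mersenne primes, unpadded RSA, a signature over the server share only), and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example only (far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1          # Mersenne primes for a toy RSA modulus
N, E = P * Q, 65537                  # server's public key
D = pow(E, -1, (P - 1) * (Q - 1))    # server's long-term private exponent
DH_P, DH_G = 2**127 - 1, 3           # toy DH group


def digest(*values):
    """Hash integers to a number below N (stand-in for real signature padding)."""
    data = b"|".join(str(v).encode() for v in values)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def rsa_key_transport():
    """Client encrypts the PMS under the server's public key; no client cert."""
    pms = secrets.randbelow(N - 2) + 2
    wire = {"encrypted_pms": pow(pms, E, N)}   # all a passive sniffer records
    return pms, wire


def signed_ephemeral_dh():
    """Server signs a fresh DH share; the client stays anonymous (one-sided)."""
    x = secrets.randbelow(DH_P - 3) + 2        # server ephemeral, discarded after use
    y = secrets.randbelow(DH_P - 3) + 2        # client ephemeral, discarded after use
    server_share, client_share = pow(DH_G, x, DH_P), pow(DH_G, y, DH_P)
    signature = pow(digest(DH_P, DH_G, server_share), D, N)
    # Client authenticates the server by checking the signature on its share.
    assert pow(signature, E, N) == digest(DH_P, DH_G, server_share)
    secret = pow(server_share, y, DH_P)        # client's view of the shared secret
    assert secret == pow(client_share, x, DH_P)  # server derives the same value
    wire = {"server_share": server_share, "client_share": client_share,
            "signature": signature}
    return secret, wire


def values_opened_by_leaked_key(wire):
    """Apply the leaked private exponent D to every value recorded on the wire."""
    return {pow(v, D, N) for v in wire.values()}
```

With key transport the recorded ciphertext opens to the PMS once D is known; in the signed exchange D only ever produced a signature, so the recording contains nothing that D decrypts.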
