[16491] in cryptography@c2.net mail archive
Re: SSL/TLS passive sniffing
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Wed Dec 1 14:52:39 2004
X-Original-To: cryptography@metzdowd.com
To: ben@iagu.net
Cc: <cryptography@metzdowd.com>
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 01 Dec 2004 07:26:48 -0800
In-Reply-To: <200412010828.iB18Sl1P032136@new.iagu.net> (ben@iagu.net's
message of "Wed, 1 Dec 2004 09:28:44 +0100")
ben@iagu.net writes:
>> -----Original Message-----
>> From: Eric Rescorla [mailto:ekr@rtfm.com]
>> Sent: Wednesday, December 01, 2004 7:01 AM
>> To: iang@systemics.com
>> Cc: Ben Nagy; cryptography@metzdowd.com
>> Subject: Re: SSL/TLS passive sniffing
>>
>> "Ian Grigg" <iang@systemics.com> writes:
> [...]
>> > However could one do a Diffie Hellman key exchange and do this
>> > under the protection of the public key? [...]
>>
>> Uh, you've just described the ephemeral DH mode that IPsec
>> always uses and SSL provides.
>>
>> Try googling for "station to station protocol"
>>
>> -Ekr
>
> Riiiiight. And my original question was, why can't we do that one-sided with
> SSL, even without a certificate at the client end? In what ways would that
> be inferior to the current RSA suites where the client encrypts the PMS
> under the server's public key.
Just to be completely clear, this is exactly what the
TLS_RSA_DHE_* ciphersuites currently do, so it's purely a matter
of configuration and deployment.
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
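
The distinction discussed in this thread, as an added example that is not part of the original message: a small audit that sorts a server's enabled suites by whether a passively recorded session becomes decryptable once the server's private key is obtained. It assumes IANA-registered TLS 1.0-1.2 suite names (of the form `TLS_DHE_RSA_WITH_*`); the function names and the sample list are constructed for illustration.

```python
import re
from collections import namedtuple

Kx = namedtuple("Kx", "kind forward_secret server_authenticated")
# Key-exchange field of a TLS 1.0-1.2 suite name: TLS_<kx>_WITH_<cipher>_<mac>
_SUITE = re.compile(r"^TLS_(?P<kx>[A-Za-z_]+?)_WITH_")
_SIGNERS = {"RSA", "DSS", "ECDSA"}

def classify(suite):
    """Map a suite name to its key exchange and what that implies."""
    m = _SUITE.match(suite)
    if m is None:
        raise ValueError(f"not a TLS 1.0-1.2 suite name: {suite!r}")
    kx, _, auth = m.group("kx").partition("_")
    if (kx, auth) == ("RSA", ""):
        # Client encrypts the premaster secret under the server's public key.
        return Kx("static RSA key transport", False, True)
    if kx in ("DHE", "ECDHE") and auth in _SIGNERS:
        # Ephemeral DH share signed by the server; no client certificate needed.
        return Kx("ephemeral DH, signed by server", True, True)
    if kx in ("DH", "ECDH") and auth == "anon":
        # No long-term key to steal, but nothing authenticates the server either.
        return Kx("anonymous DH", True, False)
    if kx in ("DH", "ECDH") and auth in _SIGNERS:
        # Fixed DH key carried in the certificate.
        return Kx("static DH from certificate", False, True)
    raise ValueError(f"unhandled key exchange in {suite!r}")

def audit(enabled):
    """Group suites by exposure to a recorder who later gets the server key."""
    report = {"decryptable_with_server_key": [], "no_server_auth": [], "ok": []}
    for suite in enabled:
        k = classify(suite)
        if not k.server_authenticated:
            report["no_server_auth"].append(suite)
        elif not k.forward_secret:
            report["decryptable_with_server_key"].append(suite)
        else:
            report["ok"].append(suite)
    return report

# Constructed sample configuration, not taken from any real server.
SAMPLE = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
          "TLS_DH_RSA_WITH_AES_128_CBC_SHA", "TLS_DH_anon_WITH_AES_128_CBC_SHA",
          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"]

if __name__ == "__main__":
    for bucket, suites in audit(SAMPLE).items():
        print(bucket, suites)
```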