anonymous DH & MITM
Tim Dierks
tim at dierks.org
Wed Oct 1 19:23:08 EDT 2003

At 07:06 PM 10/1/2003, M Taylor wrote:
>Stupid question I'm sure, but does TLS's anonymous DH protect against
>man-in-the-middle attacks? If so, how? I cannot figure out how it would,
>and it would seem TLS would be wide open to abuse without MITM protection so
>I cannot imagine it would be acceptable practice without some form of
>security.

It does not, and most SSL/TLS implementations/installations do not support
anonymous DH in order to avoid this attack. Many wish that anon DH was more
broadly used as an intermediate security level between bare, insecure TCP &
authenticated TLS, but this is not common at this time.

(Of course, it's not even clear what MITM means for an "anonymous"
protocol, given that the layer in question makes no distinction between Bob
& Mallet.)

 - Tim

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
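
The point made in the reply above, as an added example that is not part of the original message: in a toy unauthenticated DH exchange, swapping the public values in transit is accepted without error and leaves the two endpoints holding different keys, while the same swap is rejected once Bob's value is authenticated. The group parameters, the function names and the HMAC tag standing in for a certificate signature are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy group, an assumption for illustration only: 2**127 - 1 is prime but far
# too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(auth_key, pub):
    # Stand-in (assumption) for the signature an authenticated suite puts on
    # the server's DH value; a shared HMAC key keeps the example stdlib-only.
    return hmac.new(auth_key, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def handshake(substitute=None, auth_key=None):
    """Return (alice_key, bob_key, alice_accepts).

    substitute: public value swapped in for both real ones while in transit.
    auth_key:   if set, Bob tags his value and Alice verifies what she received.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    bob_tag = tag(auth_key, b_pub) if auth_key else None
    seen_by_alice = substitute if substitute is not None else b_pub
    seen_by_bob = substitute if substitute is not None else a_pub
    accepts = True  # anonymous DH: nothing to verify, any value is accepted
    if auth_key:
        accepts = hmac.compare_digest(bob_tag, tag(auth_key, seen_by_alice))
    return (session_key(a_priv, seen_by_alice),
            session_key(b_priv, seen_by_bob), accepts)

if __name__ == "__main__":
    _, mallet_pub = keypair()          # constructed third-party value
    psk = secrets.token_bytes(32)      # constructed authentication key
    cases = [("anon, clean path", {}),
             ("anon, values swapped", {"substitute": mallet_pub}),
             ("authenticated, values swapped",
              {"substitute": mallet_pub, "auth_key": psk})]
    for label, kw in cases:
        ka, kb, ok = handshake(**kw)
        print(f"{label}: accepted={ok} keys_match={ka == kb}")
```

In the anonymous case the only signal that anything happened is that the two session keys differ, which neither endpoint can observe without comparing them over some other channel.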