SSL/TLS passive sniffing

ben at iagu.net
Wed Dec 1 03:28:44 EST 2004


> -----Original Message-----
> From: Eric Rescorla [mailto:ekr at rtfm.com] 
> Sent: Wednesday, December 01, 2004 7:01 AM
> To: iang at systemics.com
> Cc: Ben Nagy; cryptography at metzdowd.com
> Subject: Re: SSL/TLS passive sniffing
> 
> "Ian Grigg" <iang at systemics.com> writes:
[...]
> > However could one do a Diffie Hellman key exchange and do this
> > under the protection of the public key? [...]
> 
> Uh, you've just described the ephemeral DH mode that IPsec
> always uses and SSL provides.
> 
> Try googling for "station to station protocol"
> 
> -Ekr

Riiiiight. And my original question was, why can't we do that one-sided with
SSL, even without a certificate at the client end? In what ways would that
be inferior to the current RSA suites where the client encrypts the PMS
under the server's public key?

Eric's answer seems to make the most sense - I guess generating the DH
exponent and signing it once per connection server-side would be a larger
performance hit than I first thought, and no clients care.

Thanks for all the answers, on and off list. ;)

Cheers,

ben
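
Added example, not part of the original message or of any SSL implementation: a toy Python comparison of the two key exchanges discussed in this thread, RSA transport of the PMS versus a server-signed ephemeral DH exchange with no client certificate, showing what a recorded capture yields if the server's RSA key later leaks. All names and parameters are constructed for illustration and far too small for real use, and the signature is simplified to cover only the server's DH value.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1            # Mersenne primes
N, E = P * Q, 65537                    # server's public RSA key
D = pow(E, -1, (P - 1) * (Q - 1))      # server's long-term private exponent
DH_P, DH_G = 2**127 - 1, 3             # toy DH group

def digest(value):
    """Hash an integer down to something the toy RSA key can sign."""
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % N

def rsa_suite():
    """RSA suite: client picks the PMS and encrypts it to the server's key."""
    pms = secrets.randbelow(N - 2) + 2
    return pms, {"enc_pms": pow(pms, E, N)}     # dict = values seen on the wire

def dhe_suite():
    """One-sided ephemeral DH: only the server signs; client has no cert."""
    b = secrets.randbelow(DH_P - 3) + 2         # fresh server exponent per connection
    gb = pow(DH_G, b, DH_P)
    sig = pow(digest(gb), D, N)                 # the extra per-connection signature
    if pow(sig, E, N) != digest(gb):            # client verifies with the public key
        raise ValueError("bad server signature")
    a = secrets.randbelow(DH_P - 3) + 2         # fresh client exponent
    ga = pow(DH_G, a, DH_P)
    pms = pow(gb, a, DH_P)                      # server computes the same as ga**b
    return pms, {"gb": gb, "sig": sig, "ga": ga}

def private_key_applied(wire, d=D):
    """Everything a recorded capture yields by applying the leaked RSA key."""
    return {pow(v, d, N) for v in wire.values()}

if __name__ == "__main__":
    for name, suite in (("RSA", rsa_suite), ("DHE", dhe_suite)):
        pms, wire = suite()
        print(name, "PMS recovered from capture:", pms in private_key_applied(wire))
```

In the RSA case the private key turns the capture straight back into the PMS; in the DH case it only relates to the signature, and the PMS depends on exponents that were never sent.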


