SSL/TLS passive sniffing
Eric Rescorla
ekr at rtfm.com
Wed Dec 1 10:26:48 EST 2004
ben at iagu.net writes:
>> -----Original Message-----
>> From: Eric Rescorla [mailto:ekr at rtfm.com]
>> Sent: Wednesday, December 01, 2004 7:01 AM
>> To: iang at systemics.com
>> Cc: Ben Nagy; cryptography at metzdowd.com
>> Subject: Re: SSL/TLS passive sniffing
>>
>> "Ian Grigg" <iang at systemics.com> writes:
> [...]
>> > However could one do a Diffie Hellman key exchange and do this
>> > under the protection of the public key? [...]
>>
>> Uh, you've just described the ephemeral DH mode that IPsec
>> always uses and SSL provides.
>>
>> Try googling for "station to station protocol"
>>
>> -Ekr
>
> Riiiiight. And my original question was, why can't we do that one-sided with
> SSL, even without a certificate at the client end? In what ways would that
> be inferior to the current RSA suites where the client encrypts the PMS
> under the server's public key.
Just to be completely clear, this is exactly whatthey
TLS_RSA_DHE_* ciphersuites currently do, so it's purely a matter
of configuration and deployment.
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list