SSL/TLS passive sniffing
David Wagner
daw at cs.berkeley.edu
Tue Nov 30 22:22:29 EST 2004
Ben Nagy wrote:
>Recently a discussion came up on firewall-wizards about
>passively sniffing SSL traffic by a third party, using a copy of the server
>cert (for, eg, IDS purposes).
This sounds very confused. Certs are public. How would knowing a copy
of the server cert help me to decrypt SSL traffic that I have intercepted?
Now if I had a copy of the server's private key, that would help, but such
private keys are supposed to be closely held.
Or are you perhaps talking about some kind of active man-in-the-middle
attack, perhaps exploiting DNS spoofing? It doesn't sound like it, since
you mentioned passive sniffing.
And it doesn't matter whether you use Diffie-Hellman or RSA with Verisign
certs; either way, SSL should be secure against passive eavesdropping.
I think you need to elaborate before we can give any sensible responses.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
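As an added illustration of the point Wagner makes (example code, not part of the original thread), a toy Python model of the two key exchanges: with RSA key transport a sniffer holding the server's private key recovers the session key, while the certificate alone gives it nothing, and with ephemeral Diffie-Hellman even the private key holder cannot passively recover the key. The RSA primes, the DH group and the key derivation are constructed toy values, far too small for real use.

```python
import hashlib
import secrets

# Toy RSA server key (constructed textbook primes, NOT a real key). The "cert" carries
# only the public half (n, e), which is all a third-party sniffer can legitimately obtain.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # Python 3.8+ modular inverse
SERVER_CERT = {"n": N, "e": E}           # public
SERVER_PRIVATE_KEY = {"n": N, "d": D}    # closely held

DH_P = 2_147_483_647   # 2**31 - 1, prime; toy group, far too small for real use
DH_G = 7

def derive_key(shared_secret: int, client_random: bytes, server_random: bytes) -> bytes:
    """Toy key derivation: hash the shared secret together with both handshake nonces."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big") + client_random + server_random).digest()

def handshake_rsa():
    """RSA key transport: the client encrypts a premaster secret to the cert's public key."""
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
    premaster = secrets.randbelow(N - 2) + 2
    encrypted_premaster = pow(premaster, SERVER_CERT["e"], SERVER_CERT["n"])
    server_premaster = pow(encrypted_premaster, SERVER_PRIVATE_KEY["d"], SERVER_PRIVATE_KEY["n"])
    transcript = {"kx": "RSA", "client_random": cr, "server_random": sr,
                  "encrypted_premaster": encrypted_premaster}   # what crosses the wire
    return transcript, derive_key(server_premaster, cr, sr)

def handshake_dhe():
    """Ephemeral DH: fresh exponents per connection; the cert only authenticates the server share."""
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
    x, y = secrets.randbelow(DH_P - 2) + 1, secrets.randbelow(DH_P - 2) + 1
    server_share, client_share = pow(DH_G, x, DH_P), pow(DH_G, y, DH_P)
    shared = pow(client_share, x, DH_P)             # server side; client computes pow(server_share, y, DH_P)
    transcript = {"kx": "DHE", "client_random": cr, "server_random": sr,
                  "server_share": server_share, "client_share": client_share}
    return transcript, derive_key(shared, cr, sr)

def passive_recover(transcript, cert, private_key=None):
    """Session key a passive sniffer can derive from the wire plus the materials it holds, or None."""
    if transcript["kx"] == "RSA":
        if private_key is None:
            return None   # the cert's public key cannot undo the client's encryption
        premaster = pow(transcript["encrypted_premaster"], private_key["d"], private_key["n"])
        return derive_key(premaster, transcript["client_random"], transcript["server_random"])
    # DHE: the wire carries only g^x and g^y; the RSA private key yields neither exponent,
    # so even the server's own key holder cannot compute g^(xy) from a passive capture.
    return None
```

In TLS terms this is why an IDS that decrypts by holding the server key only works for RSA key transport, and why ephemeral DH suites (forward secrecy) defeat that approach entirely.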