Tim Dierks <[EMAIL PROTECTED]> writes: >It does not, and most SSL/TLS implementations/installations do not support >anonymous DH in order to avoid this attack.
Uhh, I think that implementations don't support DH because the de facto standard is RSA, not because of any concern about MITM (see below). You can talk to everything using RSA, you can talk to virtually nothing using DH, therefore... >Many wish that anon DH was more broadly used as an intermediate security >level between bare, insecure TCP & authenticated TLS, but this is not common >at this time. RSA is already used as anon-DH (via self-signed, snake-oil CA, expired, invalid, etc etc certs), indicating that MITM isn't much of a concern for most users. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
