Hi all,

I'm a bumbling crypto enthusiast as a sideline to my other, real, areas of security expertise. Recently a discussion came up on firewall-wizards about passively sniffing SSL traffic by a third party, using a copy of the server cert (for, e.g., IDS purposes).

There was some question about whether this is possible for connections that use client certs, since it looks to me from the spec that those connections should be using one of the Diffie-Hellman cipher suites, which is obviously not vulnerable to a passive sniffing 'attack'. Active 'attacks' will obviously still work. Bear in mind that we're talking about deliberate undermining of the SSL connection by organisations, usually against their website users (without talking about the goodness, badness or legality of that), so "how do they get the private keys" isn't relevant.

However, I was wondering why the implementers chose the construction used with the RSA suites, where the client PMS is encrypted with the server's public key and sent along; it seems to make this kind of escrowed passive sniffing very easy. I can't think why they didn't use something based on DH. Sure, you only authenticate one side of the connection, but who cares? Was it simply to save one setup packet? Anyone know?

Cheers,
ben

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
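The contrast the post draws, as an added illustration that is not part of the original message: a toy model of the two key-exchange shapes. In the RSA suites the client picks the premaster secret (PMS) and encrypts it to the server's long-term public key, so a passive capture plus that private key yields the PMS and, after rerunning the key schedule, the session key. In an ephemeral DH suite the long-term key only signs the server's DH share; the PMS is g^(ab) and neither exponent is ever on the wire, so the same capture plus the same private key gives an observer nothing beyond confirming the share was authentic. The RSA key (n=3233, e=17, d=2753), the 127-bit DH group, the four-byte nonces and the SHA-256 stand-in for the TLS PRF are all constructed for the demonstration and are not real TLS parameters or a real TLS implementation.

```python
"""Toy comparison of RSA key exchange and ephemeral DH key exchange under a
passive observer who holds the server's long-term private key. Constructed
example; parameters are deliberately tiny and nothing here is secure."""
import hashlib
import secrets

# Constructed toy RSA key (textbook RSA with p=61, q=53; no padding).
RSA_N, RSA_E, RSA_D = 3233, 17, 2753

# Constructed toy DH group: the Mersenne prime 2^127-1 with generator 3. Far too
# small for real use, but big enough that guessing an exponent fails below.
DH_P = 2**127 - 1
DH_G = 3


def session_key(pms: int, client_random: bytes, server_random: bytes) -> bytes:
    """Stand-in for the TLS PRF: traffic key from the PMS plus both nonces."""
    return hashlib.sha256(pms.to_bytes(16, "big") + client_random + server_random).digest()


def rsa_handshake():
    """RSA key exchange: the client chooses the PMS and encrypts it to the server's
    public key. Returns the wire-visible transcript and the agreed session key."""
    client_random, server_random = secrets.token_bytes(4), secrets.token_bytes(4)
    pms = secrets.randbelow(RSA_N - 2) + 2                 # client's premaster secret
    client_key_exchange = pow(pms, RSA_E, RSA_N)           # what goes on the wire
    server_pms = pow(client_key_exchange, RSA_D, RSA_N)    # server decrypts with its private key
    assert server_pms == pms
    transcript = {"client_random": client_random, "server_random": server_random,
                  "client_key_exchange": client_key_exchange}
    return transcript, session_key(pms, client_random, server_random)


def recover_rsa_session(transcript, rsa_d: int) -> bytes:
    """Passive capture of an RSA-suite handshake plus the server's private key:
    decrypt the PMS and rerun the key schedule. No active interference needed."""
    pms = pow(transcript["client_key_exchange"], rsa_d, RSA_N)
    return session_key(pms, transcript["client_random"], transcript["server_random"])


def rsa_sign(message: bytes) -> int:
    """Toy signature: textbook RSA over a truncated SHA-256 (demo only)."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % RSA_N
    return pow(digest, RSA_D, RSA_N)


def rsa_verify(message: bytes, signature: int) -> bool:
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % RSA_N
    return pow(signature, RSA_E, RSA_N) == digest


def dhe_handshake():
    """Ephemeral DH key exchange: each side keeps a fresh exponent private and only
    the server's share is signed with the long-term RSA key."""
    client_random, server_random = secrets.token_bytes(4), secrets.token_bytes(4)
    b = secrets.randbelow(DH_P - 2) + 1                    # server exponent, never sent
    server_share = pow(DH_G, b, DH_P)                      # ServerKeyExchange body
    signed = client_random + server_random + server_share.to_bytes(16, "big")
    signature = rsa_sign(signed)                           # authenticates the server share
    a = secrets.randbelow(DH_P - 2) + 1                    # client exponent, never sent
    client_share = pow(DH_G, a, DH_P)                      # ClientKeyExchange body
    client_pms, server_pms = pow(server_share, a, DH_P), pow(client_share, b, DH_P)
    assert client_pms == server_pms
    transcript = {"client_random": client_random, "server_random": server_random,
                  "server_share": server_share, "signature": signature,
                  "client_share": client_share}
    return transcript, session_key(client_pms, client_random, server_random)


def recover_dhe_session(transcript, rsa_d: int, effort: int = 2**16):
    """Same capture, same private key, DHE suite. The signature checks out (and the
    public key alone would have sufficed for that), but the PMS is g^(ab) with both
    exponents absent from the wire. A bounded exponent search stands in for the
    discrete-log problem; with random 127-bit exponents it comes back empty, so the
    function returns None. rsa_d is accepted only to mirror the RSA case."""
    signed = (transcript["client_random"] + transcript["server_random"]
              + transcript["server_share"].to_bytes(16, "big"))
    assert rsa_verify(signed, transcript["signature"]), "share not from the key holder"
    for guess in range(1, effort):
        if pow(DH_G, guess, DH_P) == transcript["server_share"]:
            pms = pow(transcript["client_share"], guess, DH_P)
            return session_key(pms, transcript["client_random"], transcript["server_random"])
    return None


if __name__ == "__main__":
    rsa_transcript, rsa_key = rsa_handshake()
    print("RSA suite, key recovered from capture:", recover_rsa_session(rsa_transcript, RSA_D) == rsa_key)
    dhe_transcript, _ = dhe_handshake()
    print("DHE suite, key recovered from capture:", recover_dhe_session(dhe_transcript, RSA_D) is not None)
```

The asymmetry is the whole point of the post's question: with RSA key exchange the long-term private key is also the key-escrow key for every past and future session, while with DHE the long-term key authenticates but never encrypts anything the session depends on, which is what later came to be called forward secrecy.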
