Ben Nagy wrote:
> Recently a discussion came up on firewall-wizards about
> passively sniffing SSL traffic by a third party, using a copy of the server
> cert (for, e.g., IDS purposes).
This sounds very confused. Certs are public. How would knowing a copy of the server cert help me to decrypt SSL traffic that I have intercepted? Now if I had a copy of the server's private key, that would help, but such private keys are supposed to be closely held.

Or are you perhaps talking about some kind of active man-in-the-middle attack, perhaps exploiting DNS spoofing? It doesn't sound like it, since you mentioned passive sniffing. And it doesn't matter whether you use Diffie-Hellman or RSA with Verisign certs; either way, SSL should be secure against passive eavesdropping.

I think you need to elaborate before we can give any sensible responses.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
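To make the distinction in this reply concrete (what a passive observer learns from the server's public certificate versus its private key), here is an added Python model of the two classic SSL key exchanges; it is not part of the original thread. It goes one step beyond the reply: with a Diffie-Hellman (DHE) exchange, even the server's private key does not recover the session secret, because that key only signs the ephemeral share. All primes, keys and group parameters are constructed toy values, chosen so the script runs without any third-party library.

```python
import hashlib
import secrets

# Toy server keypair standing in for the certificate. Constructed primes,
# far too small for real use; only the handshake structure matters here.
P, Q = 1000003, 1000033
RSA_N, RSA_E = P * Q, 65537
RSA_D = pow(RSA_E, -1, (P - 1) * (Q - 1))      # private exponent (Python >= 3.8)
DH_P, DH_G = 2**64 - 59, 2                     # constructed toy DH group

def _h(*ints):
    """Hash integers to a value below RSA_N so the toy key can sign it."""
    data = b"".join(i.to_bytes(16, "big") for i in ints)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N

def rsa_handshake():
    """SSL RSA key exchange: the client encrypts the premaster secret to the
    certificate's public key. Returns (values on the wire, session secret)."""
    premaster = secrets.randbelow(RSA_N)
    return {"enc_premaster": pow(premaster, RSA_E, RSA_N)}, premaster

def dhe_handshake():
    """SSL DHE key exchange: the certificate key only signs the server's
    ephemeral DH share; the secret comes from the ephemeral exponents."""
    a, b = secrets.randbelow(DH_P - 2) + 1, secrets.randbelow(DH_P - 2) + 1
    ya, yb = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    wire = {"server_share": ya, "sig": pow(_h(ya), RSA_D, RSA_N), "client_share": yb}
    return wire, pow(yb, a, DH_P)

def observer_with_cert(wire):
    """Passive observer holding only the certificate: it can check the server's
    signature (authenticity) but has no way to derive the session secret."""
    authentic = ("sig" in wire and
                 pow(wire["sig"], RSA_E, RSA_N) == _h(wire["server_share"]))
    return {"authenticated": authentic, "secret": None}

def observer_with_private_key(wire):
    """Passive observer holding the server's private key (the IDS scenario)."""
    if "enc_premaster" in wire:                 # RSA kx: premaster is recoverable
        return pow(wire["enc_premaster"], RSA_D, RSA_N)
    return None                                 # DHE: exponent a never hit the wire

if __name__ == "__main__":
    for name, hs in (("RSA", rsa_handshake), ("DHE", dhe_handshake)):
        wire, secret = hs()
        print(name, "cert only ->", observer_with_cert(wire),
              "| private key recovers secret:", observer_with_private_key(wire) == secret)
```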