OK, Ian and I are, rightly or wrongly, on the same page here. Obviously my
choice of the word certificate has caused confusion.

[David Wagner]
> This sounds very confused.  Certs are public.  How would knowing a copy
> of the server cert help me to decrypt SSL traffic that I have intercepted?

Yes, sorry, what I _meant_ was the whole certificate file, PFX style, also
containing private keys. I assure you, I'm not confused, just perhaps guilty
of verbal shortcuts. I should, perhaps, have not characterised myself as
'bumbling enthusiast', to avoid the confusion with 'idiot'. :/

> Ian Grigg writes:
> >I note that distinction well!  Certificate based systems
> >are totally vulnerable to a passive sniffing attack if the
> >attacker can get the key.  Whereas Diffie Hellman is not,
> >on the face of it.  Very curious...
> No, that is not accurate.  Diffie-Hellman is also insecure if the "private
> key" is revealed to the adversary.  The "private key" for Diffie-Hellman
> is the private exponent.

No, I'm not talking about escrowing DH exponents. I'm talking about modes
like in IPSec-IKE where there is a signed DH exchange using ephemeral DH
exponents - this continues to resist passive sniffing if the _signing_ keys
have somehow been compromised, unless I have somehow fallen on my head and
missed something.

> Perhaps the distinction you had in mind is forward secrecy.

Yes and no. Forward secrecy is certainly at the root of my question, with
regards to the RSA modes not providing it and certain of the DH modes doing
so. :)
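
The distinction under discussion, as an added toy example (not code from the thread or from any of the posters): an eavesdropper who records the handshake and later obtains the server's long-term RSA key recovers the session key from RSA key transport, but from a signed ephemeral DH exchange gets only the ability to check the signature, since the ephemeral exponents never appear on the wire. Parameters (textbook RSA with n = 3233, DH over 2^31 - 1) are constructed and far too small to be secure; the signature is textbook RSA with no hash or padding.

```python
# Toy comparison of RSA key transport vs. signed ephemeral DH when the
# server's long-term key is later compromised. All parameters are constructed
# illustration values, not something to build on.
import secrets

# Constructed toy RSA key pair: n = 61*53, e = 17, d = e^-1 mod lcm(60, 52)
RSA_N, RSA_E, RSA_D = 3233, 17, 2753
# Constructed toy DH group: p = 2^31 - 1 (prime), g = 7 (a primitive root mod p)
DH_P, DH_G = 2147483647, 7

def rsa_key_transport(session_key):
    """Client encrypts the session key to the server's RSA public key.
    The returned ciphertext is what a passive sniffer records."""
    return pow(session_key, RSA_E, RSA_N)

def passive_recover_transport(ciphertext, rsa_d):
    """Sniffer holding the server's private exponent recovers the session key
    from the recorded ciphertext alone (no forward secrecy)."""
    return pow(ciphertext, rsa_d, RSA_N)

def signed_dh_exchange():
    """Both sides pick fresh exponents; the server signs its share with the
    long-term RSA key. Returns (transcript, client_secret, server_secret)."""
    a = secrets.randbelow(DH_P - 2) + 1      # client's ephemeral exponent
    b = secrets.randbelow(DH_P - 2) + 1      # server's ephemeral exponent
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    sig_B = pow(B % RSA_N, RSA_D, RSA_N)     # toy signature over the server share
    transcript = {"A": A, "B": B, "sig_B": sig_B}
    return transcript, pow(B, a, DH_P), pow(A, b, DH_P)

def passive_recover_dh(transcript, rsa_d):
    """Sniffer with the transcript and the server's signing key. The key lets
    it verify (or forge) signatures, which matters for active attacks, but the
    session secret g^ab depends on a and b, which are never transmitted; with
    only recorded traffic there is nothing to decrypt, hence None."""
    sig_ok = pow(transcript["sig_B"], RSA_E, RSA_N) == transcript["B"] % RSA_N
    return {"signature_verifies": sig_ok, "session_secret": None}

if __name__ == "__main__":
    k = 65
    print("transport recovered:", passive_recover_transport(rsa_key_transport(k), RSA_D) == k)
    t, cs, ss = signed_dh_exchange()
    print("DH sides agree:", cs == ss, "| sniffer gets:", passive_recover_dh(t, RSA_D))
```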

The Cryptography Mailing List