> -----Original Message-----
> From: Eric Rescorla [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, December 01, 2004 7:01 AM
> To: [EMAIL PROTECTED]
> Cc: Ben Nagy; [EMAIL PROTECTED]
> Subject: Re: SSL/TLS passive sniffing
> 
> "Ian Grigg" <[EMAIL PROTECTED]> writes:
[...]
> > However could one do a Diffie Hellman key exchange and do this
> > under the protection of the public key? [...]
> 
> Uh, you've just described the ephemeral DH mode that IPsec
> always uses and SSL provides.
> 
> Try googling for "station to station protocol"
> 
> -Ekr

Riiiiight. And my original question was, why can't we do that one-sided with
SSL, even without a certificate at the client end? In what ways would that
be inferior to the current RSA suites where the client encrypts the PMS
under the server's public key?

Eric's answer seems to make the most sense - I guess generating the DH
exponent and signing it once per connection server-side would be a larger
performance hit than I first thought, and no clients care.

Thanks for all the answers, on and off list. ;)

Cheers,

ben



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
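
The trade-off discussed in this thread, as an added example that is not part of the original messages: it contrasts RSA key transport with a one-sided, server-signed ephemeral DH exchange and checks whether the server's long-term private key, obtained after the fact, opens a passively recorded session. All parameters and function names are constructed for illustration; the toy primes and textbook RSA are far too small and simple for real use.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration only (far too small for real use).
RSA_P, RSA_Q = 2**127 - 1, 2**89 - 1            # Mersenne primes
N, E = RSA_P * RSA_Q, 65537                      # server's public key (from its certificate)
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))        # server's long-term private key
DH_P, DH_G = 2**107 - 1, 3                       # toy Diffie-Hellman group

def _digest(*values):
    """Hash the signed fields to an integer below N (textbook RSA, no padding)."""
    data = b"|".join(str(v).encode() for v in values)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def rsa_key_transport():
    """Client encrypts the pre-master secret (PMS) under the server's public key."""
    pms = secrets.randbelow(N - 2) + 2
    wire = [pow(pms, E, N)]                      # everything a passive sniffer records
    if pow(wire[0], D, N) != pms:                # server decrypts with its private key
        raise ValueError("decryption mismatch")
    return pms, wire

def one_sided_dhe():
    """Server signs a fresh DH value; the client needs no certificate."""
    nonce = secrets.randbits(64)                 # client nonce, binds the signature to this run
    x = secrets.randbelow(DH_P - 3) + 2          # server's per-connection exponent
    ys = pow(DH_G, x, DH_P)
    sig = pow(_digest(nonce, ys), D, N)          # the extra per-connection signing cost
    if pow(sig, E, N) != _digest(nonce, ys):     # client authenticates the server
        raise ValueError("bad server signature")
    y = secrets.randbelow(DH_P - 3) + 2          # client's per-connection exponent
    yc = pow(DH_G, y, DH_P)
    secret = pow(ys, y, DH_P)                    # client's view of the shared secret
    if secret != pow(yc, x, DH_P):               # server's view must agree
        raise ValueError("key agreement mismatch")
    return secret, [nonce, ys, sig, yc]

def opened_by_server_key(wire, secret):
    """Does the long-term key D open any recorded value to the session secret?"""
    return any(pow(v, D, N) == secret for v in wire)
```

With key transport the recorded ciphertext decrypts to the PMS under `D`; with the signed ephemeral exchange `D` only authenticates the server, so nothing on the wire yields the session secret.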
