[EMAIL PROTECTED] writes:
>> -----Original Message-----
>> From: Eric Rescorla [mailto:[EMAIL PROTECTED]
>> Sent: Wednesday, December 01, 2004 7:01 AM
>> To: [EMAIL PROTECTED]
>> Cc: Ben Nagy; [EMAIL PROTECTED]
>> Subject: Re: SSL/TLS passive sniffing
>>
>> "Ian Grigg" <[EMAIL PROTECTED]> writes:
> [...]
>> > However could one do a Diffie Hellman key exchange and do this
>> > under the protection of the public key? [...]
>>
>> Uh, you've just described the ephemeral DH mode that IPsec
>> always uses and SSL provides.
>>
>> Try googling for "station to station protocol"
>>
>> -Ekr
>
> Riiiiight. And my original question was, why can't we do that one-sided with
> SSL, even without a certificate at the client end? In what ways would that
> be inferior to the current RSA suites where the client encrypts the PMS
> under the server's public key.

Just to be completely clear, this is exactly what the TLS_RSA_DHE_*
ciphersuites currently do, so it's purely a matter of configuration
and deployment.

-Ekr
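
The two handshake styles compared in this thread, as an added example that is not part of the original messages: RSA key transport of the PMS versus a one-sided ephemeral DH exchange signed only by the server. All function names and the toy key sizes are assumptions made for illustration; the point is what a recording of the wire traffic yields to someone who later holds the server's long-term RSA private key.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
RSA_P, RSA_Q, E = 2**31 - 1, 2**61 - 1, 65537    # server's RSA primes, public exponent
N = RSA_P * RSA_Q
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))        # server's long-term private exponent
DH_P, DH_G = 2**127 - 1, 3                       # DH modulus (prime) and base

def digest(x):
    """Hash an integer down to something the toy RSA key can sign."""
    return int.from_bytes(hashlib.sha256(str(x).encode()).digest(), "big") % N

def rsa_key_transport():
    """Client encrypts the PMS under the server's public key."""
    pms = secrets.randbelow(N - 2) + 2
    return {"enc_pms": pow(pms, E, N)}, pms      # (recorded wire data, secret)

def dhe_signed_by_server():
    """Ephemeral DH; only the server signs, the client has no certificate."""
    b = secrets.randbelow(DH_P - 2) + 2          # server ephemeral exponent
    B = pow(DH_G, b, DH_P)
    sig = pow(digest(B), D, N)                   # server signs its DH value
    if pow(sig, E, N) != digest(B):              # client checks the signature
        raise ValueError("server signature invalid")
    a = secrets.randbelow(DH_P - 2) + 2          # client ephemeral exponent
    A = pow(DH_G, a, DH_P)
    secret = pow(B, a, DH_P)                     # equals pow(A, b, DH_P)
    return {"A": A, "B": B, "sig": sig}, secret  # a and b are discarded here

def private_key_outputs(recording, d):
    """Everything the long-term RSA private key yields from a recording."""
    return {pow(v % N, d, N) for v in recording.values()}
```

In the RSA case the PMS is among `private_key_outputs`; in the DHE case the private key was only ever used to sign `B`, so the shared secret is not derivable from the recording by that key.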