> This sounds very confused. Certs are public. How would knowing a copy
> of the server cert help me to decrypt SSL traffic that I have intercepted?

I found a lot of people mistakenly use the term certificate to mean something like a PKCS#12 file containing a public key certificate and a private key. Maybe it comes from crypto software sales people that oversimplify or don't really understand the technology. I don't know, but it's a rant I have.

> Now if I had a copy of the server's private key, that would help, but such
> private keys are supposed to be closely held.

> Or are you perhaps talking about some kind of active man-in-the-middle
> attack, perhaps exploiting DNS spoofing? It doesn't sound like it, since
> you mentioned passive sniffing.

I guess the threat would be something like an adversary getting access to a web server, getting hold of the private key (which in most cases is just stored in a file; a lot of servers need to be bootable without intervention as well, so there is a password somewhere in the clear that allows one to unlock the private key), and then using it from a distance, say on a router near the server where the adversary can sniff the connections. A malicious ISP admin could pull off something like that, a law authority that wants to read your messages, etc.

Is that a threat worth mentioning? Well, it might be. In any case, forward secrecy is what can protect us here. Half-certified (or fully certified) ephemeral Diffie-Hellman provides us with that property.

Of course, if someone could get the private signature key, he could then do a man-in-the-middle attack and decrypt all messages as well. It wouldn't really be that much harder to pull off.

--Anton

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]