Kenneth Mutka <[EMAIL PROTECTED]> writes:
> > As I said in my previous mail, IE 5 Under Win2K supports
> > DSS/DH.
> >
> > It does not, however, as far as I know, support anonymous
> > DH.
>
> That kinda sucks, doesn't it?
I think that depends on your perspective. There's an argument
to made that bad security is worse than no security at all.
> > Once again, using anonymous DH is a really terrible idea.
> > It leaves you completely open to active attack.
>
> That might be the case, but it's far better than no crypt at all.
That completely depends on your threat model. If what you're
concerned with is sniffing, yes. If what you're concerned
with is active attack via session hijacking, DNS spoofing,
etc., then no, it's no better.
> I could imagine the effect of using ADH is similar to using SSH without RSA.
> Or is it even worse?
If you mean SSH mode where the server has an RSA key but the
client does not, then the answer is that it's far far worse.
In the SSH case, the attacker still can't get at your
password -- provided that you check the server's RSA key
against the one you know matches that server. With SSL and
ADH, an active attacker can recover any data you send over
the channel.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
PureTLS - free SSLv3/TLS software for Java
http://www.rtfm.com/puretls/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
