On 18 Apr 2002, Eric Rescorla wrote:

> Erwann ABALEA <[EMAIL PROTECTED]> writes:
> > No. The client normally performs the verification of the challenge signed
> > by the server. But it can eventually skip this verification, and go on
> > talking SSL with the server...
> No, this is incorrect most of the time (whenever you're doing static
> RSA key exchange). The client ENCRYPTS the PreMasterSecret under
> the server's public key. This necessitates knowing the public key.

Yes, that's right.
But to me it seems that enhancing access restriction using the server cert
is not a good idea. That means the server cert is a secret known only by
the trusted users. By definition, a certificate is public, so it cannot be
a secret.
And again, that's using symmetric cryptosystem techniques with asymmetric
algorithms. It's a bad design (tm).

-- 
Erwann ABALEA <[EMAIL PROTECTED]> - RSA PGP Key ID: 0x2D0EABD5
-----
A dimwit, me? Maybe. In any case, I don't do it on purpose. It just comes
naturally. Sometimes a single word, even an insignificant one, and off it
goes. Go on, say a word, just to see, at random I should add.
-+- C in Guide du Neuneu d'Usenet: A dimwit confessed is half forgiven -+-

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
