On Thu, Apr 10, 2008 at 09:22:37PM -0700, Julian wrote:

> Here is what I came up with:
> 
> Peer A, B, C.
> 
> Peer A, B, C generates 2 2048 bit RSA keys.
> 
> Peer A, B, C connects to Login server over TLS.
> 
> Login server signs each key and signs only one for key signing.
> 
> Peer A generates a session key and signs it.
> 
> Peer A connects to Peer B over TLS.

Is the TLS channel authenticated (TLS server certs checked? TLS
client certs requested, presented and checked? Details?)

> Peer A exchanges public key with Peer B.

What does this mean?

> Peer A and B now have encrypted channel that C cannot decrypt.

They get that for free with Anonymous TLS and no certs at all, provided
C is not doing an active man-in-the-middle attack... What are you
really trying to do?

Designing secure protocols is hard, don't! Use existing protocols in
well understood ways.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
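Added example, not part of the original message and not OpenSSL project code: it uses Python's ssl module (a wrapper around OpenSSL) to show which context settings answer the questions asked above about whether the A-to-B channel is authenticated. The function names, the file-path parameters, and the idea that the login server's signing certificate serves as the CA for peer certificates are assumptions made for illustration.

```python
import ssl

def peer_b_context(client_certs="none", cert=None, key=None, ca=None):
    """Listening side (Peer B). client_certs: 'none', 'optional' or 'required'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # default: no client cert requested
    ctx.verify_mode = {"none": ssl.CERT_NONE,
                       "optional": ssl.CERT_OPTIONAL,
                       "required": ssl.CERT_REQUIRED}[client_certs]
    if cert:                      # hypothetical path: B's cert signed by the login server
        ctx.load_cert_chain(cert, key)
    if ca:                        # hypothetical path: login server's signing cert
        ctx.load_verify_locations(cafile=ca)
    return ctx

def peer_a_context(verify_server=True, cert=None, key=None, ca=None):
    """Connecting side (Peer A)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # default: chain and name are checked
    if not verify_server:
        ctx.check_hostname = False  # has to be cleared before CERT_NONE is accepted
        ctx.verify_mode = ssl.CERT_NONE
    if cert:                      # presented only if B requests a client certificate
        ctx.load_cert_chain(cert, key)
    if ca:
        ctx.load_verify_locations(cafile=ca)
    return ctx

def assess(client_ctx, server_ctx):
    """Classify the channel the two contexts would negotiate."""
    server_checked = (client_ctx.verify_mode == ssl.CERT_REQUIRED
                      and client_ctx.check_hostname)
    # CERT_OPTIONAL requests a client cert but still accepts a peer that sends none,
    # so only CERT_REQUIRED counts as "requested, presented and checked".
    client_checked = server_ctx.verify_mode == ssl.CERT_REQUIRED
    if server_checked and client_checked:
        return "mutual"           # each side proved a key signed by the trusted CA
    if server_checked or client_checked:
        return "one-sided"        # one end still cannot tell who it is talking to
    return "unauthenticated"      # encrypted, but blind to an active man in the middle

if __name__ == "__main__":
    for a, b in [(False, "none"), (True, "none"), (True, "optional"), (True, "required")]:
        print(a, b, "->", assess(peer_a_context(a), peer_b_context(b)))
```

The "unauthenticated" case matches the anonymous-TLS situation in the reply: C cannot read the traffic passively, but neither peer can detect C relaying the connection.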