On Fri, Aug 28, 2009 at 10:06:43AM -0700, Michael Sierchio wrote: > Victor Duchovni wrote: > > > No. Without a previously arranged shared secret and no trusted introducer, > > DH doesn't require anything but mutual knowledge of public > keys, since the shared secret is implicit. Either OOB or > via a trusted directory service, or a cert binding the identity > of a principal to a pubkey suffice.
The OP is not using fixed DH keys. He is proposing to use ADH key exchange. This gives confidentiality, but NOT authentication. The OP would be better off with self-signed certificates, and a client that learns and caches peer certificates at first contact. Subsequent communication is protected by the cached certificates, but of course there is no assurance that the cached certificates are not those of a persistent MITM attacker. Bootstrapping authentication requires an out-of-band secure channel for key exchange (or initial delivery of keys of trusted introducers). -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org