On Fri, Aug 28, 2009 at 10:06:43AM -0700, Michael Sierchio wrote:
> Victor Duchovni wrote:
>
> > No. Without a previously arranged shared secret and no trusted introducer,
>
> DH doesn't require anything but mutual knowledge of public
> keys, since the shared secret is implicit. Either OOB or
> via a trusted directory service, or a cert binding the identity
> of a principal to a pubkey suffice.
The OP is not using fixed DH keys. He is proposing to use ADH key
exchange. This gives confidentiality, but NOT authentication.
The OP would be better off with self-signed certificates, and a client
that learns and caches peer certificates at first contact. Subsequent
communication is protected by the cached certificates, but of course
there is no assurance that the cached certificates are not those of
a persistent MITM attacker.
Bootstrapping authentication requires an out-of-band secure channel for
key exchange (or initial delivery of keys of trusted introducers).
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
