(continuing TOFU posting to keep the thread somewhat consistent)
Given some of the mathematical restrictions on parameters needed to
keep DSA and ECDSA safe from attackers, I don't think using the same
private key for ECDSA and ECDH is a good/safe idea.
However I am not a genius cryptanalyst, so I cannot guarantee that
this is really dangerous, it is just a somewhat educated guess.
On 11/2/2012 9:06 PM, Abhiram Shandilya wrote:
I thought the keys in ECC certificates can be used for both ECDH key agreement
and ECDSA digital signature.
-----Original Message-----
From: Erik Tkal
Sent: Friday, November 02, 2012 8:24 AM
To: openssl-users@openssl.org
Subject: RE: ECDH-RSA and TLS 1.2
What if the server has an ECDH certificate? Would that then be the appropriate
set of suites?
-----Original Message-----
From: Dr. Stephen Henson
Sent: Thursday, November 01, 2012 10:38 PM
To: openssl-users@openssl.org
Subject: Re: ECDH-RSA and TLS 1.2
On Fri, Nov 02, 2012, Abhiram Shandilya wrote:
Hi Steve, Thanks for your response. I'm just trying to figure out what
it takes to get this working - are you of the opinion that an SSL
server should not support TLS 1.2 ECDH-RSA cipher suites? Could you also
mention why?
Well one reason is that the fixed ECDH cipher suites do not support forward
secrecy because they always use the same ECDH key.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org