Re: IPsec +- Perfect Forward Secrecy

2004-12-01 Thread Eric Rescorla
John Denker <[EMAIL PROTECTED]> writes: > Eric Rescorla wrote: > >> Uh, you've just described the ephemeral DH mode that IPsec >> always uses and SSL provides. > > I'm mystified by the word "always" there, and/or perhaps by > the definition of Perfect Forward Secrecy. Here's the dilemma: > > On th

Interesting project for C++ crypto programmer, referrals welcome

2004-12-01 Thread The Promethean
An interesting project is occupying a lot of my attention right now but I don't have time to handle it myself. This project would be an interesting application if it was implemented using good cryptography, but the current team lacks the background for it. They've asked me to help find the right ta

Re: SSL/TLS passive sniffing

2004-12-01 Thread Anne & Lynn Wheeler
At 02:53 AM 12/1/2004, Dirk-Willem van Gulik wrote: Access to the private key of the server cert gives you the ability to do active sniffing and in some subset of cases passive sniffing. Access to the session key (which requires the right permissions and access to the httpd server) gives you passiv

Re: IPsec +- Perfect Forward Secrecy

2004-12-01 Thread John Denker
Eric Rescorla wrote: Uh, you've just described the ephemeral DH mode that IPsec always uses and SSL provides. I'm mystified by the word "always" there, and/or perhaps by the definition of Perfect Forward Secrecy. Here's the dilemma: On the one hand, it would seem to the extent that you use ephemer

Re: SSL/TLS passive sniffing

2004-12-01 Thread Eric Rescorla
[EMAIL PROTECTED] writes: >> -Original Message- >> From: Eric Rescorla [mailto:[EMAIL PROTECTED] >> Sent: Wednesday, December 01, 2004 7:01 AM >> To: [EMAIL PROTECTED] >> Cc: Ben Nagy; [EMAIL PROTECTED] >> Subject: Re: SSL/TLS passive sniffing >> >> "Ian Grigg" <[EMAIL PROTECTED]> writes

Re: RSA Implementation in C language

2004-12-01 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Tue, 30 Nov 2004 10:16:11 -0500, "Trei, Peter" <[EMAIL PROTECTED]> said: ptrei> Admittedly somewhat old and creaky, but try Googling ptrei> RSAREF. I don't know where that stands for IP rights ptrei> (presumably we still have copyright), but for ptrei> research

Re: SSL/TLS passive sniffing

2004-12-01 Thread Dirk-Willem van Gulik
On Tue, 30 Nov 2004, Ben Nagy wrote: > I'm a bumbling crypto enthusiast as a sideline to my other, real, areas of > security expertise. Recently a discussion came up on firewall-wizards about > passively sniffing SSL traffic by a third party, using a copy of the server Access to the private key

RE: SSL/TLS passive sniffing

2004-12-01 Thread ben
> -Original Message- > From: Eric Rescorla [mailto:[EMAIL PROTECTED] > Sent: Wednesday, December 01, 2004 7:01 AM > To: [EMAIL PROTECTED] > Cc: Ben Nagy; [EMAIL PROTECTED] > Subject: Re: SSL/TLS passive sniffing > > "Ian Grigg" <[EMAIL PROTECTED]> writes: [...] > > However could one do a

Re: SSL/TLS passive sniffing

2004-12-01 Thread Peter Gutmann
Jack Lloyd <[EMAIL PROTECTED]> writes: >Looking at my logs, about 95% of all STARTTLS connections are DHE-RSA-AES256- >SHA; I'm guessing this is because most STARTTLS-enabled SMTP servers (ie >Postfix, Sendmail, Qmail) use OpenSSL, and recent versions of OpenSSL have >DHE-RSA-AES256-SHA as the top

RE: RSA Implementation in C language

2004-12-01 Thread Tolga Acar
Try Intel's open-sourced CDSA, available at SourceForge. - Tolga > -Original Message- > From: [EMAIL PROTECTED] [mailto:owner- > [EMAIL PROTECTED] On Behalf Of Trei, Peter > Sent: Tuesday, November 30, 2004 7:16 > To: Sandeep N; [EMAIL PROTECTED] > Subject: RE: RSA Implementation in C lan

RE: SSL/TLS passive sniffing

2004-12-01 Thread Ben Nagy
OK, Ian and I are, rightly or wrongly, on the same page here. Obviously my choice of the word certificate has caused confusion. [David Wagner] > This sounds very confused. Certs are public. How would > knowing a copy > of the server cert help me to decrypt SSL traffic that I have > intercepted