OK, Ian and I are, rightly or wrongly, on the same page here. Obviously my
choice of the word certificate has caused confusion.
This sounds very confused. Certs are public. How would
knowing a copy
of the server cert help me to decrypt SSL traffic that I have
Yes, sorry, what I _meant_ was the whole certificate file, PFX style, also
containing private keys. I assure you, I'm not confused, just perhaps guilty
of verbal shortcuts. I should, perhaps, have not characterised myself as
'bumbling enthusiast', to avoid the confusion with 'idiot'. :/
Ian Grigg writes:
I note that disctinction well! Certificate based systems
are totally vulnerable to a passive sniffing attack if the
attacker can get the key. Whereas Diffie Hellman is not,
on the face of it. Very curious...
No, that is not accurate. Diffie-Hellman is also insecure if
key is revealed to the adversary. The private key for
is the private exponent.
No, I'm not talking about escrowing DH exponents. I'm talking about modes
like in IPSec-IKE where there is a signed DH exchange using ephemeral DH
exponents - this continues to resist passive sniffing if the _signing_ keys
have somehow been compromised, unless I have somehow fallen on my head and
Perhaps the distinction you had in mind is forward secrecy.
Yes and no. Forward secrecy is certainly at the root of my question, with
regards to the RSA modes not providing it and certain of the DH modes doing
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]