[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] TLS 1.1 and static DH

To: tls@xxxxxxxx
Subject: Re: [TLS] TLS 1.1 and static DH
From: Nelson B Bolyard <nelson@xxxxxxxxxxx>
Date: Wed, 25 Oct 2006 09:22:36 -0700
Cc:
In-reply-to: <20061025112238.GA26268@xxxxxxxxxxx>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Organization: Spam haters R US
References: <E1GceUB-0005Lr-00@xxxxxxxxxxxxxxxxxxxxxxxxxx> <B356D8F434D20B40A8CEDAEC305A1F2403500ADA@xxxxxxxxxxxxxxxxxxxxxx> <20061025112238.GA26268@xxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060824 SeaMonkey/1.5a

(My apologies if you receive two copies of this email.)

Bodo Moeller wrote:
> On Wed, Oct 25, 2006 at 01:28:53PM +0300, Pasi.Eronen@xxxxxxxxx wrote:
>> pgut001@xxxxxxxxxxxxxxxxx wrote:
> 
>>> cryptlib definitely doesn't do static DH... in fact does anything?
>>> Why would anyone do it at all, for that matter?
> 
>> Based on a quick look at the source code, at least OpenSSL, Mozilla
>> NSS, and PureTLS appear to support static DH. 
>>
>> But I don't know why they do it either (or whether that part of the
>> code has actually ever been used or tested :-)
> 
> OpenSSL doesn't support static DH, actually.  

Neither does NSS.  The static DH cipher suites are explicitly disabled,
although much of the code necessary to support them is present in NSS.

> There's anonymous and
> non-anonymous ephemeral DH, there's static and ephemeral ECDH, but no
> static DH with DH certificates.  (There's also some code that doesn't
> totally neglect the possibility of having DH certificates, but this
> doesn't mean it is actually used anywhere.)

Likewise, NSS has code to parse (and even create) DH certificates, but
it is untested and unused because in the 10 years I've worked on NSS,
I've never seen a DH cert from any CA.  The Fortezza certs were DH certs,
but they were a rather special case, and the special case Fortezza code
is no longer supported in NSS.

-- 
Nelson B

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

References:
- RE: [TLS] TLS 1.1 and static DH
  - From: Peter Gutmann
- RE: [TLS] TLS 1.1 and static DH
  - From: Pasi.Eronen
- Re: [TLS] TLS 1.1 and static DH
  - From: Bodo Moeller

Prev by Date: Re: [TLS] TLS 1.1 and static DH
Next by Date: Re: [TLS] Open issue: Record Version Numbers
Previous by thread: Re: [TLS] TLS 1.1 and static DH
Next by thread: Re: [TLS] TLS 1.1 and static DH
Index(es):
- Date
- Thread