[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[TLS] DH_anon

To: tls@xxxxxxxxxxxxxx
Subject: [TLS] DH_anon
From: Mike <mike-list@xxxxxxxxx>
Date: Sun, 19 Nov 2006 12:29:11 -0800
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
User-agent: Thunderbird 1.5.0.8 (Windows/20061025)

It is said that DH_anon is subject to man-in-the-middle
attacks, but that is only true during the first handshake.
If you already have established an authenticated session,
you can use DH_anon to renegotiate.  I think it would be
valid to "un-deprecate" DH_anon, and add a disclaimer
that it should only be used for renegotiation.

Mike

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

Prev by Date: [TLS] draft-ietf-tls-rfc4346-bis-02.txt
Next by Date: RE: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate
Previous by thread: [TLS] draft-ietf-tls-rfc4346-bis-02.txt
Next by thread: RE: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate
Index(es):
- Date
- Thread