DH allowed w/ SSL?

Paul Crowley paul at ciphergoth.org
Mon Jun 6 00:33:19 PDT 2005


Brad Fitzpatrick wrote:
> Should DH be allowed in conjunction with SSL?

The protocol should not forbid it, but implementors of both consumers 
and servers should be encouraged to check when SSL is in use and skip 
the DH step.  Note that the protocol falls back to non-DH when DH is not 
available - this would normally be a bad thing because of protocol 
rollback attacks, but we're not worried about active attacks, only snooping.
-- 
   __
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/


More information about the yadis mailing list