DH allowed w/ SSL?
paul at ciphergoth.org
Mon Jun 6 00:33:19 PDT 2005
Brad Fitzpatrick wrote:
> Should DH be allowed in conjunction with SSL?
The protocol should not forbid it, but implementors of both consumers
and servers should be encouraged to check when SSL is in use and skip
the DH step. Note that the protocol falls back to non-DH when DH is not
available - this would normally be a bad thing because of protocol
rollback attacks, but we're not worried about active attacks, only snooping.
\/ o\ Paul Crowley, paul at ciphergoth.org
More information about the yadis