DH Support Optional on Servers?
Nathan D. Bowen
nbowen+yadis at andtonic.com
Mon Jun 20 19:18:57 PDT 2005
I seem to remember non-DH sessions being allowed only to save some
processing when associating over SSL, but as it stands, the spec makes
it sound like DH is never required:
If the server does not support DH, they may ignore the DH fields
in the request and reply exactly as to a non-DH request.
Is this correct? Servers are not required to support DH at all, and a
consumer requesting a DH session is only suggesting the use of DH,
regardless of whether the connection is otherwise protected from
eavesdropping?
More information about the yadis
mailing list