DH Support Optional on Servers?
paul at ciphergoth.org
Mon Jun 20 22:20:18 PDT 2005
Nathan D. Bowen wrote:
> Is this correct? Servers are not required to support DH at all, and a
> consumer requesting a DH session is only suggesting the use of DH,
> regardless of whether the connection is otherwise protected from
That's my intent. Note that anywhere the attacker can perform a
protocol rollback attack, they can tamper with the DH session parameters
and sniff the session that way.
\/ o\ Paul Crowley, paul at ciphergoth.org