Re: SSL without certificates
From: MS (ms_at_ms.net)
Date: 07/08/03
- Next message: Magenta Sky: "Re: The Best Kept Secrets of The Computer Underground"
- Previous message: Don Kelloway: "Re: The Best Kept Secrets of The Computer Underground"
- In reply to: Terry: "Re: SSL without certificates"
- Next in thread: ASMdood: "Re: SSL without certificates"
- Reply: ASMdood: "Re: SSL without certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 07 Jul 2003 18:15:25 -0400
Terry wrote:
> Quote: mccarthur@btinternet.com wrote that the client needs the server's
> cert
> because the client uses the public key from the cert to encrypt the data
> sent to the server. That is not correct. The data sent back and forth
> along the SSL connection are encrypted using a symmetric (secret) key,
> not a public key. The secret key is created during the SSL handshake.
>
> As far as I know, in an SSL connection, the server's cert sent to client is
> used to encrypt the session key (secret symmetric key) generated on the
> client side which is then sent to the server for use in the connection. So
> if you don't use a server's cert, how can this be done?
>
The TLS standard allows "anonymous" key exchange. That is, the symmetric
key is generated without a priori authentication of the two parties. For
example, the Diffie-Hellman protocol can be used for that --- in
essence, each party creates a piece of the key, they exchange the two
pieces, and put them together to form the common secret key. And it's
done in such a way that an eavesdropper cannot recreate the key.
MS
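The anonymous Diffie-Hellman exchange MS describes, as an added example that is not part of the original thread: each side contributes a random piece, only the public values cross the wire, and both sides arrive at the same session key. The group (P, Q, G) is a constructed toy safe-prime group chosen so the subgroup check is real (TLS uses 2048-bit or larger groups), and HMAC-SHA256 stands in for the TLS PRF.

```python
import hashlib
import hmac
import secrets

# Constructed toy safe-prime group: P = 2*Q + 1 with P and Q prime, and G = 4
# generates the order-Q subgroup. Real TLS uses 2048-bit+ groups (RFC 7919).
P, Q, G = 1019, 509, 4


def dh_keypair(p: int = P, q: int = Q, g: int = G) -> tuple[int, int]:
    """One party's piece of the key: random private exponent x, public value g^x mod p."""
    x = secrets.randbelow(q - 1) + 1            # 1 <= x <= q-1
    return x, pow(g, x, p)


def validate_public(peer_public: int, p: int = P, q: int = Q) -> bool:
    """Public-value validation: in range and inside the order-q subgroup, so a
    misbehaving peer cannot force the shared secret into a tiny set of values."""
    return 1 < peer_public < p - 1 and pow(peer_public, q, p) == 1


def dh_shared_secret(own_private: int, peer_public: int, p: int = P, q: int = Q) -> int:
    """Combine the peer's public piece with our private piece: Z = peer_public^x mod p."""
    if not validate_public(peer_public, p, q):
        raise ValueError("invalid peer public value")
    return pow(peer_public, own_private, p)


def derive_session_key(shared_secret: int, transcript: bytes) -> bytes:
    """Turn Z plus the handshake transcript into a symmetric session key.
    Assumption: HMAC-SHA256 is a stand-in for the TLS PRF/KDF."""
    z = shared_secret.to_bytes((shared_secret.bit_length() + 7) // 8, "big")
    return hmac.new(z, transcript, hashlib.sha256).digest()


def anonymous_handshake() -> dict:
    """Simulate a DH_anon exchange; return both sides' keys and what crossed the wire."""
    client_priv, client_pub = dh_keypair()
    server_priv, server_pub = dh_keypair()
    # Everything an eavesdropper sees. Nothing here (no certificate, no signature)
    # binds the values to an identity: anon suites defeat eavesdropping only.
    wire = {"p": P, "g": G, "client_pub": client_pub, "server_pub": server_pub}
    transcript = b"|".join(str(v).encode() for v in wire.values())
    client_key = derive_session_key(dh_shared_secret(client_priv, server_pub), transcript)
    server_key = derive_session_key(dh_shared_secret(server_priv, client_pub), transcript)
    return {"client_key": client_key, "server_key": server_key, "wire": wire}
```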