-----Original Message----- From: Anima <[email protected]> On Behalf Of Anoop Kumar Pandey Sent: Thursday 19 July 2018 05:53 To: 'Michael Richardson' <[email protected]> Cc: 'Toerless Eckert' <[email protected]>; [email protected] Subject: Re: [Anima] Revision of scope of MASA in the BRSKI - Reg
>Presenting a certificate of another party doesn't work. >TLS and other protocols don't just use a certificate, but they use the related >private key to sign part of the transaction. " private key to sign ": That's digital signature. In case of TLS only public key is used to encrypt and share the symmetric key which is used in later communication. No digital signature required. [ofriel] https://tools.ietf.org/html/rfc5246#section-7.4.8 and https://tools.ietf.org/html/draft-ietf-tls-tls13-28#section-4.4.3 explain how the client uses its cert private key to sign the TLS handshake transcript. If client doesn’t know the private key, it cant generate the CertificateVerify and TLS fails. -----Original Message----- From: Michael Richardson [mailto:[email protected]] Sent: 17 July 2018 09:20 To: Anoop Kumar Pandey <[email protected]> Cc: 'Toerless Eckert' <[email protected]>; [email protected] Subject: Re: [Anima] Revision of scope of MASA in the BRSKI - Reg Anoop Kumar Pandey <[email protected]> wrote: > Anyone can present certificate of anyone else (it’s public). That’s > why I proposed use of digital signature and later verification to > establish the identity of both JRC and Pledge. Presenting a certificate of another party doesn't work. TLS and other protocols don't just use a certificate, but they use the related private key to sign part of the transaction. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] [email protected] http://www.sandelman.ca/ | ruby on rails [ ------------------------------------------------------------------------------------------------------------------------------- [ C-DAC is on Social-Media too. Kindly follow us at: Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ] This e-mail is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies and the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email is strictly prohibited and appropriate legal action will be taken. ------------------------------------------------------------------------------------------------------------------------------- _______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima _______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
