> Without some alternative mode of server authentication, of course,
> Anon DH remains a pretty scary proposition -- all the more so because it
> implies a level of trustworthiness that it cannot provide.

In the telnet protocol we would like to use Anon-DH in conjunction
with RFC 1416-based telnet authentication protocols that provide for
mutual authentication. But in order to ensure that there is no MITM,
we need to verify during the authentication the finish messages of the
client and server. Unfortunately, none of the SSL/TLS libraries
provide a clean method for an application to retrieve this
information. Nor do the authors appear to want to add such
functionality as they believe it violates some architectural design.
Therefore, it appears that Anon-DH will never be able to be used in a
secure manner and should be considered a dead end.

Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
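
The binding discussed in the message above, sketched as an added example (not part of the original post and not OpenSSL or Kermit code): each side keys an authenticator with the secret from the mutual-authentication mechanism and covers the Finished values it saw, so a relay that terminates two separate anonymous-DH handshakes makes verification fail. The Finished values are simulated as transcript digests, and the toy group, `auth_key` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy group for illustration only; real anonymous DH uses a large prime.
P = 0xFFFFFFFFFFFFFFC5  # 2**64 - 59, prime
G = 5

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def leg(client_kp, server_kp):
    """One anonymous-DH handshake. Returns simulated (client, server) Finished
    values: digests over the public values and the negotiated secret."""
    shared = pow(server_kp[1], client_kp[0], P)
    assert shared == pow(client_kp[1], server_kp[0], P)
    transcript = b"%d|%d|%d" % (client_kp[1], server_kp[1], shared)
    return (hashlib.sha256(b"client finished" + transcript).digest(),
            hashlib.sha256(b"server finished" + transcript).digest())

def authenticator(auth_key, role, finished):
    """Bind the authentication exchange to one TLS session's Finished pair."""
    msg = role + finished[0] + finished[1]
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

def mutual_auth_ok(auth_key, client_view, server_view):
    """Each side checks the peer's proof against its own view of the handshake."""
    c_proof = authenticator(auth_key, b"client", client_view)
    s_proof = authenticator(auth_key, b"server", server_view)
    server_accepts = hmac.compare_digest(
        c_proof, authenticator(auth_key, b"client", server_view))
    client_accepts = hmac.compare_digest(
        s_proof, authenticator(auth_key, b"server", client_view))
    return server_accepts and client_accepts

def run(mitm):
    # Assumed: a key both ends hold from the telnet AUTH mechanism.
    auth_key = secrets.token_bytes(32)
    client, server = dh_keypair(), dh_keypair()
    if not mitm:
        view = leg(client, server)
        return mutual_auth_ok(auth_key, view, view)
    # A relay ends each leg with its own DH key, so the two legs' Finished
    # values differ and the bound authenticators no longer verify.
    middle = dh_keypair()
    return mutual_auth_ok(auth_key, leg(client, middle), leg(middle, server))
```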