-----Original Message-----
From: Eric Rescorla [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 25, 2000 12:19 PM
To: [EMAIL PROTECTED]
Subject: Re: Diffie-Hellman Certs

>This isn't strictly true. SSL has three varieties of DH cipher suites:
>anonymous - the DH shares are unauthenticated.
>ephemeral authenticated - the server's DH share is signed by the server's static signing key.
>static - the server's DH share is in its certificate.
>
>In ephemeral authenticated and static, the server ALWAYS sends its
>certificate. If the client is to be authenticated, the server can
>request the client's certificate. The client can then either
>send its DH certificate (unlikely) or a CertificateVerify
>message and its signing certificate. If the client has a static
>DH certificate, its ability to generate the DH pairwise key
>is proof of private key possession.

Ok, so if I am using DH key exchange, DSA certificates and DES encryption in openssl, is my DH key exchange authenticated or not?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
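
Added example, not part of the original message and not OpenSSL code: a small Python check that sorts OpenSSL-style cipher suite names into the three DH varieties described in the quoted text and lists the server handshake messages each one implies. The function names and the sample suite list are constructed for illustration; the message order follows the SSL/TLS handshake.

```python
import re

# variety -> (server sends Certificate?, form of ServerKeyExchange or None)
VARIETIES = {
    "anonymous": (False, "unsigned"),  # DH shares are unauthenticated
    "ephemeral": (True, "signed"),     # share signed by the server's signing key
    "static": (True, None),            # share is inside the certificate itself
}

def dh_variety(suite):
    """Classify an OpenSSL-style suite name; None if key exchange is not DH."""
    if suite.startswith("ADH-"):
        return "anonymous"
    if re.match(r"(EDH|DHE)-(DSS|RSA)-", suite):
        return "ephemeral"
    if re.match(r"DH-(DSS|RSA)-", suite):
        return "static"
    return None

def server_flight(suite, request_client_cert=False):
    """Server handshake messages sent after ServerHello for a DH suite."""
    variety = dh_variety(suite)
    if variety is None:
        raise ValueError(f"{suite}: not a DH key-exchange suite")
    sends_cert, ske = VARIETIES[variety]
    # The TLS specification forbids an anonymous server from requesting
    # client authentication, so reject that combination here.
    if request_client_cert and not sends_cert:
        raise ValueError("anonymous server cannot request a client certificate")
    msgs = ["Certificate"] if sends_cert else []
    if ske:
        msgs.append(f"ServerKeyExchange({ske})")
    if request_client_cert:
        msgs.append("CertificateRequest")
    return msgs + ["ServerHelloDone"]

def unauthenticated(suites):
    """Suites from a configured list whose DH exchange nobody authenticates."""
    return [s for s in suites if dh_variety(s) == "anonymous"]

if __name__ == "__main__":
    # Constructed sample list, as might appear in a server's cipher string.
    sample = ["ADH-DES-CBC-SHA", "EDH-DSS-DES-CBC-SHA",
              "DH-DSS-DES-CBC-SHA", "DES-CBC-SHA"]
    for s in sample:
        v = dh_variety(s)
        print(f"{s:22} {v or 'not DH':10} {server_flight(s) if v else '-'}")
    print("unauthenticated:", unauthenticated(sample))
```
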