>Therefore if I read this right, all the actual data
>passed across the session (i.e. all the real data passed after the
>handshake has been completed) is encoded with the symmetrically
>generated key only and hence could not be used for non-repudiation?
To be precise, the 'Finished' message, which is also a part of the handshake process,
is subjected to encryption and MAC (depending on the cipher suite negotiated).
----------
Success is like a fart - you can only stand your own.
- Anonymous
>-----Original Message-----
>From: Jeffrey Burgoyne [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, March 07, 2001 9:03 PM
>To: [EMAIL PROTECTED]
>Subject: Re: Question on client authentication and signing
>
>
>
>Greg;
>
> Thanks. Therefore if I read this right, all the actual data
>passed across the session (i.e. all the real data passed after the
>handshake has been completed) is encoded with the symmetrically
>generated key only and hence could not be used for non-repudiation?
>
>Jeff
>
>
>On Wed, 7 Mar 2001, Greg Stark wrote:
>
>> Jeffrey,
>>
>> The short answer is neither. The client's only use of its private key is
>> to sign a hash of the handshake messages, one of which includes the server
>> random value.
>>
>> _____________________________________
>> Greg Stark
>> Ethentica, Inc.
>> [EMAIL PROTECTED]
>> _____________________________________
>>
>>
>>
>> ----- Original Message -----
>> From: "Jeffrey Burgoyne" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>
>> Sent: Wednesday, March 07, 2001 9:46 AM
>> Subject: Question on client authentication and signing
>>
>>
>> > People;
>> >
>> > I've been asked to review a document for some PKI system which
>> > deals with some issues I have not come across before and was hoping
>> > someone could verify what I believe is true. This is more a browser/SSL
>> > issue than openssl, but I think I can generalize it enough.
>> >
>> > If an SSL server requires a client certificate, are all
>> > transmissions passed to the server encoded with the private key of the
>> > client, or just the initial secret key exchange? I'd assume just the
>> > initial key exchange from what I know of the SSL protocol.
>> >
>> > Thanks
>> >
>> > Jeffrey Burgoyne
>> > [EMAIL PROTECTED]
>> >
>> >
>> >
>> > ______________________________________________________________________
>> > OpenSSL Project http://www.openssl.org
>> > User Support Mailing List [EMAIL PROTECTED]
>> > Automated List Manager [EMAIL PROTECTED]
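
The point discussed in this thread, as an added example (not code from the posters or from OpenSSL): application records carry an HMAC keyed with a secret that both endpoints derive, so a valid record shows integrity but not which endpoint wrote it. The MAC layout follows the TLS 1.0 record MAC (RFC 2246); the key, payloads and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23      # record content type for application data
VERSION = b"\x03\x01"      # TLS 1.0

# Constructed stand-in for client_write_MAC_secret. In a real session both
# endpoints derive this value from the master secret, so both of them hold it.
CLIENT_WRITE_MAC_SECRET = hashlib.sha1(b"constructed master secret").digest()


def record_mac(mac_secret, seq, ctype, fragment):
    """HMAC(MAC_write_secret, seq_num + type + version + length + fragment)."""
    header = struct.pack("!QB", seq, ctype) + VERSION
    header += struct.pack("!H", len(fragment))
    return hmac.new(mac_secret, header + fragment, hashlib.sha1).digest()


def client_write(seq, data):
    """Record as the client produces it."""
    tag = record_mac(CLIENT_WRITE_MAC_SECRET, seq, APPLICATION_DATA, data)
    return seq, data, tag


def server_write_as_client(seq, data):
    """The server holds the same key, so it can compute the same kind of tag."""
    tag = record_mac(CLIENT_WRITE_MAC_SECRET, seq, APPLICATION_DATA, data)
    return seq, data, tag


def arbiter_accepts(record):
    """All a third party given the session keys can check: MAC validity."""
    seq, data, tag = record
    expected = record_mac(CLIENT_WRITE_MAC_SECRET, seq, APPLICATION_DATA, data)
    return hmac.compare_digest(expected, tag)


def demo():
    genuine = client_write(0, b"pay 100 to alice")
    from_server = server_write_as_client(0, b"pay 9999 to alice")
    # Someone without the key reuses the genuine tag on altered data.
    altered = (0, b"pay 9999 to alice", genuine[2])
    return (arbiter_accepts(genuine), arbiter_accepts(from_server),
            arbiter_accepts(altered))


if __name__ == "__main__":
    print(demo())
```

The first two results are identical, which is why the record layer gives integrity between the two endpoints but nothing a third party could use to attribute the data to the client.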