> How about having each side send something like
> HMAC[shared_secret](Finished messages)?  I used something similar to
> this with good results in the SRP Telnet specification.  An MITM will
> cause the Finished messages to be different, and since he won't know the
> shared secret, he can't "rewrite" the HMAC to match the altered Finished
> messages.  This works with any ciphersuite, including ADH.  Just make
> sure the two sides send slightly different HMACs, e.g. swap the order of
> client and server Finished messages.

        Huh? The MITM could just proxy all the data between two distinct SSL
connections and he would know all the data that was supposed to be sent
securely. Yes, he couldn't tamper with the data, but that's hardly
sufficient.

        DS
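A runnable model of the construction the quoted message proposes, added here as an example and not code from the thread or from OpenSSL. It assumes a shared secret known to both endpoints and uses constructed stand-ins for the Finished messages (derived from a labelled transcript, since real Finished values depend on the handshake transcript and so differ between two distinct connections); the server's HMAC uses the swapped Finished order, as the quote suggests.

```python
import hmac
import hashlib

# Constructed stand-in for a TLS Finished value (verify_data); a real one is
# derived from the handshake transcript, so two distinct connections differ.
def finished_value(transcript_label: bytes) -> bytes:
    return hashlib.sha256(transcript_label).digest()[:12]

def finished_hmac(shared_secret: bytes, first: bytes, second: bytes) -> bytes:
    """HMAC[shared_secret] over the two Finished messages in the given order."""
    return hmac.new(shared_secret, first + second, hashlib.sha256).digest()

def client_binding(secret: bytes, client_fin: bytes, server_fin: bytes) -> bytes:
    return finished_hmac(secret, client_fin, server_fin)

def server_binding(secret: bytes, client_fin: bytes, server_fin: bytes) -> bytes:
    # Swapped order so the server's value is not a reflection of the client's.
    return finished_hmac(secret, server_fin, client_fin)

def verify_exchange(secret: bytes, client_view: tuple, server_view: tuple) -> tuple:
    """Each view is (client_finished, server_finished) as that endpoint saw it.
    Returns (client_ok, server_ok): whether each side accepts the other's HMAC."""
    c_fin_c, s_fin_c = client_view
    c_fin_s, s_fin_s = server_view
    client_sent = client_binding(secret, c_fin_c, s_fin_c)
    server_sent = server_binding(secret, c_fin_s, s_fin_s)
    # Each side recomputes the peer's value over its own view of the handshake.
    server_ok = hmac.compare_digest(client_sent, client_binding(secret, c_fin_s, s_fin_s))
    client_ok = hmac.compare_digest(server_sent, server_binding(secret, c_fin_c, s_fin_c))
    return client_ok, server_ok

def simulate(proxied: bool) -> tuple:
    """Direct connection vs. two distinct SSL connections stitched together by a
    middlebox that does not know the shared secret."""
    secret = b"constructed-shared-secret"
    conn_a = (finished_value(b"conn A client"), finished_value(b"conn A server"))
    if not proxied:
        return verify_exchange(secret, conn_a, conn_a)
    # Client sees connection A, server sees connection B: different Finished data.
    conn_b = (finished_value(b"conn B client"), finished_value(b"conn B server"))
    return verify_exchange(secret, conn_a, conn_b)
```

With a direct connection both checks pass; with two stitched connections both fail, because the HMACs were computed over different Finished messages and cannot be recomputed without the secret.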



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]