Mathias Sundman wrote:
On Wed, 18 May 2005, Ken Goldman wrote:
All correct for authentication. There are times that public keys or
certificates are encrypted using a DH protocol for privacy. You might
not want a man in the middle to track where you go, and a certificate
is your identity.
Correct me if I'm wrong, but my understanding is that you should never
be afraid of exposing your certificate. A certificate alone does NOT
prove your identity. You must always prove your identity by using your
private key to respond to a challenge. So there is no need to protect
the certificate.
The fact that a proof was performed might be of interest to someone.
The proof transcript could be easily verifiable by any 3rd party.
And it could be available to any 3rd party (unlike the data
sent after the handshake).
No one could say that YOU have visited a place just because someone has
shown them your certificate, without proving its ownership using the
corresponding private key.
Yes, just a certificate does not help a 3rd party to create a new proof.
However, it could be used to verify a signature created as a proof
for an old session with client authentication.
It was described already, anyway:
SSL authentication with a client certificate is done by signing
a hash of protocol messages. This signature is verifiable
with the public key from the client certificate. Both the certificate and
the signatures are sent over the wire as cleartext, unless client
authentication is requested during re-negotiation.
So, a signed (and universally verifiable) proof of visiting a site
is available for any 3rd party listening to the wire.
The same applies to the aggressive mode of IKE.
Under what circumstances do you use DH to protect the transfer of a
certificate? My understanding is that DH is mostly used to establish a
secure channel through which you exchange the key for a symmetric cipher
used for the encryption of the data that will follow.
Main mode of IKE with certificate-based authentication does DH
after the 2nd exchange and uses the common secret established
to encrypt the last (3rd) exchange
with identity, certificates and signature inside.
Hope this is clear enough,
Vadym
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
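The point made in the thread about cleartext client authentication, as an added example that is not part of the original messages: anyone holding the recorded handshake messages, the certificate's public key and the signature can check the proof, while the same signature proves nothing about any other session. It assumes a simplified scheme (textbook RSA over a SHA-256 hash of the messages, not the real SSL encoding); the key, the messages and all function names are constructed for illustration.

```python
import hashlib

# Constructed toy RSA key for the client (two Mersenne primes; NOT secure).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the client only

CERT_PUBKEY = (N, E)  # what the certificate discloses to everyone


def transcript_hash(messages):
    """Hash the handshake messages, length-prefixed, into an integer."""
    h = hashlib.sha256()
    for m in messages:
        h.update(len(m).to_bytes(4, "big") + m)
    return int.from_bytes(h.digest(), "big")


def client_sign(messages):
    """Client side: sign the hash of the protocol messages (needs D)."""
    return pow(transcript_hash(messages), D, N)


def observer_verify(cert_pubkey, messages, signature):
    """Passive third party: uses only values that crossed the wire."""
    n, e = cert_pubkey
    return pow(signature, e, n) == transcript_hash(messages)


# Constructed handshake recorded by a listener on the wire.
SESSION = [b"ClientHello|random=c1", b"ServerHello|random=s1|site=example.test",
           b"CertificateRequest", b"Certificate|subject=CN=client"]
SIG = client_sign(SESSION)  # sent in cleartext in this handshake

# A different session that the same certificate holder never took part in.
OTHER = [b"ClientHello|random=c2", b"ServerHello|random=s2|site=other.test",
         b"CertificateRequest", b"Certificate|subject=CN=client"]

if __name__ == "__main__":
    print("recorded session verifies:", observer_verify(CERT_PUBKEY, SESSION, SIG))
    print("same signature, other session:", observer_verify(CERT_PUBKEY, OTHER, SIG))
```
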