Dear,

On 04-Dec-06 at 19:15, Victor Duchovni wrote:

TLS includes anonymous cipher-suites (ADH) that do not require or use
server certificates. Postfix 2.3 clients using opportunistic TLS with
Postfix 2.3 (SMTP+STARTTLS) servers will use anonymous ciphers by
default, because SMTP server authentication is not widely practiced
or practical:

        http://www.postfix.org/TLS_README.html#client_tls_limits


On 05-Dec-06 at 00:25, David Schwartz wrote:

If a user types in "https://site-i-trust.com" and gets the little lock icon and no warning, he's supposed to be allowed to assume that someone he trusts has certified that he has actually reached "site-i-trust.com".

That is not my goal, of course. I don't need the user to see a lock, nor do I want to fake anything. I wouldn't even need their URL scheme to be https://. All I'm seeking is a way to have the browser engage an encrypted link with the server before sending its first query. The TLS anonymous cipher-suites Victor wrote about in the other answer to my question look like what I am looking for, but I doubt browsers would generally support this. I'll dig up more information and program some tests.


There may be ways to solve your outer problem. The most obvious being to either obtain a certificate signed by a trusted third party or to get users to install your certificate themselves.

That would work, of course, but each user-customer runs his own server (and these are not web servers meant to be accessed by the public at large), and getting a certificate for each of those from a public authority is useless because nobody tries to authenticate these servers at first, just to establish encrypted communications between those and their users. We might freely deliver them certificates signed by some root of ours that we would ask them to download and install. But that introduces a dependence on us that I don't like to impose on them.

I'll probably try to find ways NOT to need encrypted HTTP at first and only upgrade to a secured channel at a later stage (when the protocol switches to non-HTTP).

Thanks so much (Victor and David) for these answers,

--
Olivier Mascia
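An added example from the editor, not code from any participant in this thread or from the Postfix project: a small Python parser over constructed Postfix log lines (the line format is assumed from Postfix smtp/smtpd TLS logging) that separates the "Anonymous" handshakes Victor describes, encrypted with an ADH suite but with no peer certificate, from authenticated ones, so an operator can see which peers rely on anonymous ciphers alone.

```python
import re
from collections import Counter

# Postfix smtp (client) and smtpd (server) log each negotiated TLS session in one line whose
# first word states how far the peer was authenticated. "Anonymous" means an aNULL (ADH)
# cipher suite: the session is encrypted, but the peer presented no certificate at all.
# Assumed line format, modelled on Postfix TLS logging; not taken from the thread.
TLS_LINE = re.compile(
    r"postfix/(?P<proc>smtpd?)\[\d+\]: "
    r"(?P<trust>Anonymous|Untrusted|Trusted|Verified) TLS connection established "
    r"(?P<dir>to|from) (?P<peer>\S+): (?P<proto>\S+) with cipher (?P<cipher>\S+)"
)

# Constructed sample log (RFC 5737 example addresses), not real traffic.
SAMPLE_LOG = """\
Dec  4 19:15:01 mx1 postfix/smtp[2044]: Anonymous TLS connection established to mail.example.net[192.0.2.10]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Dec  4 19:16:12 mx1 postfix/smtp[2051]: Trusted TLS connection established to smtp.example.org[198.51.100.7]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Dec  4 19:17:40 mx1 postfix/smtpd[2099]: Anonymous TLS connection established from relay.example.com[203.0.113.5]: TLSv1 with cipher ADH-DES-CBC3-SHA (168/168 bits)
Dec  4 19:18:03 mx1 postfix/smtp[2102]: connect to mail.example.edu[192.0.2.44]:25: Connection refused
"""


def parse_tls_line(line):
    """Return the handshake fields of one log line, or None if it is not a TLS summary."""
    m = TLS_LINE.search(line)
    return m.groupdict() if m else None


def tls_summary(log_text):
    """Count handshakes per (direction, trust level), e.g. ('to', 'Anonymous')."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_tls_line(line)
        if rec:
            counts[(rec["dir"], rec["trust"])] += 1
    return counts


def anonymous_peers(log_text):
    """Hosts seen only with anonymous suites: encrypted against a passive eavesdropper,
    but nothing proves the peer's identity, so they are the candidates for a stricter policy."""
    anon, authenticated = set(), set()
    for line in log_text.splitlines():
        rec = parse_tls_line(line)
        if not rec:
            continue
        host = rec["peer"].split("[", 1)[0]  # strip "[addr]:port" to keep the hostname
        (anon if rec["trust"] == "Anonymous" else authenticated).add(host)
    return sorted(anon - authenticated)


if __name__ == "__main__":
    for (direction, trust), n in sorted(tls_summary(SAMPLE_LOG).items()):
        print(f"{direction:>4} {trust:<10} {n}")
    print("anonymous-only peers:", anonymous_peers(SAMPLE_LOG))
```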



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]