Re: Man in the middle attacks ?

2001-11-12 Thread J. Johnson
[In response to Pascal Janse van Vuuren, 13 Nov 2001] The "RSA Security's Official Guide to Cryptography" has a pretty good discussion of various kinds of attacks and how they can be dealt with. See p108 for a discussion on using Diffie-Hellman based key exchange. (Doesn't mention OpenSSL, though.

Re: Man in the middle attacks ?

2001-11-12 Thread Eric Rescorla
"Pascal Janse van Vuuren" <[EMAIL PROTECTED]> writes:
> I'm not a real crypto expert. But, I'm facing a potential (?)
> problem. I've used OpenSSL to negotiate a secure control channel
> between two nodes of a private network. The generated private keys
> are encrypted with a specific password. Na

Re: Man in the middle attacks ?

2001-11-12 Thread Keary Suska
Probably not, as long as the client can properly respond to a changed server key. For instance, in SSH2, the ssh client "remembers" the server's key on the first connection. The client can be configured to abort server connections when the key changes from a known value, or at the minimum the clie

Re: Man in the middle attacks

2001-02-06 Thread Louis LeBlanc
You are correct about IE 5.x not checking the CRL by default, but be careful in using this. I recently found a bug with Windows 95, 98, and NT where if you checked the box in Internet Options to tell IE to verify the CRL, it would do so, but if a CRL link was provided, all other certificate verif

Re: Man in the middle attacks

2001-02-05 Thread Michael H. Warfield
On Mon, Feb 05, 2001 at 09:12:42AM -0500, Michael T. Babcock wrote:
> Greg Stark wrote:
> > The attack you are referring to is defeated by the client checking the
> > identity that is contained in the certificate. I do not know why you are so
> > sure that this checking is not normally done. IE a

Re: Man in the middle attacks

2001-02-05 Thread Michael T. Babcock
Greg Stark wrote:
> The attack you are referring to is defeated by the client checking the
> identity that is contained in the certificate. I do not know why you are so
> sure that this checking is not normally done. IE and Netscape Nav. do it,
> for example [...]
IE 5.x does not, by default, ch

Re: Man in the middle attacks

2001-02-04 Thread Greg Stark
I am replying to -users even though the original post was sent to -dev. First, a nit on terminology. The protocols should be referred to as the SSL protocols or perhaps more accurately the SSL/TLS protocols, not the openssl protocol. OpenSSL is an implementation of these protocols. The attack yo