On 1/27/16, 12:47 , "Martin Thomson" <martin.thom...@gmail.com> wrote:

>On 28 January 2016 at 02:17, Blumenthal, Uri - 0553 - MITLL
><u...@ll.mit.edu> wrote:
>> Anon != Ephemeral, despite some similarities.
>
>From a protocol perspective, they are the same.

If you mean that you cannot distinguish between the two on the wire - I
agree.

>The distinction at the protocol level between ECDH_RSA (for example) and
>ECDH_anon is that ECDH_anon requires a ServerKeyShare message in the same
>way that ECDHE_RSA does.

The distinction is in what you can do with the exchange.

>I agree that Nikos' point is a good one, but we've implementations of
>ECDHE_ that provide a stable value for their ephemeral key
>(unfortunately, that's the default mode in NSS).

But that is BAD (and it’s gotta change ;). It’s like implementations that
always generate random number “0” (no smileys - I’ve seen those).

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls