Hi,

Please see the comments inline.

On Mon 18 Feb, 2019, 8:59 AM Salz, Rich, <rs...@akamai.com> wrote:

> If a client will sign any challenge presented by any server, it opens up a
> big hole. An attacker can present a challenge that a (future) valid server
> will present, and the attacker, having the answer, can then act as the
> device to the server.

Replay attack is avoided by using a challenge/response pair only once. 2^32 combinations possible for 32 byte challenge. Server is authenticated by its certificate. An attacker will not be able to do so.

> For example, the attacker can intercept the server/client communication,
> present the challenge on its own, and then act as the client.

MiTM attack is not possible since server is authenticated by certificate. An attacker will not have the private key of the server.

Thanks and Regards,
Sankalp Bagaria
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
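
The two measures this thread discusses, a challenge that is accepted only once and a response tied to the certificate-authenticated server, sketched as an added example that is not code from either poster or from any TLS draft. It assumes HMAC-SHA256 as a stand-in for the device's signature; `CONTEXT`, `signed_input`, `device_respond` and `Verifier` are hypothetical names, and the certificate bytes are constructed.

```python
import hashlib
import hmac
import secrets

CONTEXT = b"example-device-auth-v1"  # hypothetical domain-separation label

def signed_input(challenge: bytes, server_cert: bytes) -> bytes:
    # Bytes the device authenticates: label, server certificate fingerprint, challenge.
    return CONTEXT + b"\x00" + hashlib.sha256(server_cert).digest() + challenge

def device_respond(key: bytes, challenge: bytes, server_cert: bytes) -> bytes:
    # server_cert: the certificate the device validated for this connection.
    # HMAC-SHA256 stands in for the device's signature (assumption, stdlib only).
    return hmac.new(key, signed_input(challenge, server_cert), hashlib.sha256).digest()

class Verifier:
    def __init__(self, key: bytes, own_cert: bytes):
        self.key, self.cert = key, own_cert
        self.outstanding = set()  # challenges issued and not yet answered

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)  # 32-byte challenge, as in the thread
        self.outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self.outstanding:
            return False  # never issued here, or already used
        self.outstanding.discard(challenge)  # single use, even if the check fails
        expected = hmac.new(self.key, signed_input(challenge, self.cert), hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo():
    key = secrets.token_bytes(32)
    server = Verifier(key, b"constructed certificate bytes: real server")
    c1 = server.new_challenge()
    r1 = device_respond(key, c1, server.cert)
    first, replay = server.verify(c1, r1), server.verify(c1, r1)
    # Device answered c2 over a connection authenticated by a different certificate.
    c2 = server.new_challenge()
    r2 = device_respond(key, c2, b"constructed certificate bytes: other endpoint")
    return first, replay, server.verify(c2, r2)

if __name__ == "__main__":
    print(demo())
```

The first response verifies, the replayed one is refused because the challenge was already consumed, and the response computed against a different certificate fingerprint does not match at the real server.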