HP3000-L Archives

October 2001, Week 1

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Ken Hirsch
Reply To: Ken Hirsch
Date: Tue, 2 Oct 2001 11:37:14 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (21 lines)

Steve Dirickson (Volt) wrote

> That isn't quite how it works. Use of server or client certificates is
> optional; even if used, they have nothing to do with securing the data
> exchanged--certificates are used only to authenticate that the other end
> is really who it claims to be.


The use of server certificates is optional in SSL/TLS, but I think that all
the browsers require them as policy.  I haven't been able to verify that,
though.

When a server certificate is used--which, in practice, it always is--then
the key in the certificate is used instead of the ServerKeyExchange.
Because the certificates can be verified from out-of-band data, they protect
against active man-in-the-middle attacks.  Non-certificate key exchanges
only protect against passive eavesdroppers.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
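
The distinction drawn in the message above, as an added example that is not part of the original post: a toy key exchange in which the client either accepts any server key share (anonymous exchange) or requires one vouched for by a key it already trusts out-of-band. The Diffie-Hellman group, the toy RSA "CA" key and every function name are constructed for illustration and are far too weak for real use; the signed share models certificate-authenticated key exchange in general rather than the exact TLS message flow.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration only (not safe for real use).
P, G = 2**127 - 1, 3                      # DH modulus (a Mersenne prime) and base
_p, _q, E = 2**61 - 1, 2**89 - 1, 65537   # toy RSA key standing in for a CA
N = _p * _q                               # (N, E) is what the client trusts out-of-band
D = pow(E, -1, (_p - 1) * (_q - 1))       # private exponent, held only by the CA

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def digest(share):
    return int.from_bytes(hashlib.sha256(str(share).encode()).digest(), "big") % N

def ca_sign(share):
    """Issued once for the genuine server's key share (the 'certificate')."""
    return pow(digest(share), D, N)

def ca_verify(share, sig):
    """Client-side check using only the out-of-band public values N and E."""
    return pow(sig, E, N) == digest(share)

def simulate(active_interposer, require_cert):
    """Return who ends up sharing a key with the client, or 'rejected'."""
    s_priv, s_pub = dh_keypair()
    cert_sig = ca_sign(s_pub)
    c_priv, c_pub = dh_keypair()
    m_priv, m_pub = dh_keypair()          # party sitting on the network path

    offered = s_pub
    if active_interposer:
        offered = m_pub                   # share replaced in transit; the
                                          # signature cannot be re-issued without D
    if require_cert and not ca_verify(offered, cert_sig):
        return "rejected"                 # client aborts the handshake

    client_key = pow(offered, c_priv, P)
    if client_key == pow(c_pub, s_priv, P):
        return "server"                   # a passive observer saw only public
                                          # shares and cannot derive this key
    if client_key == pow(c_pub, m_priv, P):
        return "interposer"
    return "nobody"

if __name__ == "__main__":
    for active in (False, True):
        for cert in (False, True):
            print(f"active={active!s:5} cert_required={cert!s:5} ->",
                  simulate(active, cert))
```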
