HP3000-L Archives

October 2001, Week 1

HP3000-L@RAVEN.UTC.EDU

From: "Steve Dirickson (Volt)" <[log in to unmask]>
Reply To: Steve Dirickson (Volt)
Date: Tue, 2 Oct 2001 13:59:23 -0700

> The use of server certificates is optional in SSL/TLS, but I think that all
> the browsers require them as policy.  I haven't been able to verify that,
> though.
>
> When a server certificate is used--which, in practice, it always is--then
> the key in the certificate is used instead of the ServerKeyExchange.
> Because the certificates can be verified from out-of-band data, they protect
> against active man-in-the-middle attacks.  Non-certificate key exchanges
> only protect against passive eavesdroppers.

That isn't how I read the RFC. 

F.1. Handshake protocol

   The handshake protocol is responsible for selecting a CipherSpec and
   generating a Master Secret, which together comprise the primary
   cryptographic parameters associated with a secure session. The
   handshake protocol can also optionally authenticate parties who have
   certificates signed by a trusted certificate authority.

8.1. Computing the master secret

   For all key exchange methods, the same algorithm is used to convert
   the pre_master_secret into the master_secret. The pre_master_secret
   should be deleted from memory once the master_secret has been
   computed.

       master_secret = PRF(pre_master_secret, "master secret",
                           ClientHello.random + ServerHello.random)
       [0..47];

   The master secret is always exactly 48 bytes in length. The length of
   the premaster secret will vary depending on key exchange method.

7.4.3. Server key exchange message

   When this message will be sent:
       This message will be sent immediately after the server
       certificate message (or the server hello message, if this is an
       anonymous negotiation).

       The server key exchange message is sent by the server only when
       the server certificate message (if sent) does not contain enough
       data to allow the client to exchange a premaster secret. This is
       true for the following key exchange methods:

           RSA_EXPORT (if the public key in the server certificate is
           longer than 512 bits)
           DHE_DSS
           DHE_DSS_EXPORT
           DHE_RSA
           DHE_RSA_EXPORT
           DH_anon

       It is not legal to send the server key exchange message for the
       following key exchange methods:

           RSA
           RSA_EXPORT (when the public key in the server certificate is
           less than or equal to 512 bits in length)
           DH_DSS
           DH_RSA

IOW, if the certificate meets the requirements, it may be used to protect the transmission of the pre_master_secret. No matter how the pre_master_secret is conveyed, it is used to generate the master_secret, which controls all further encryption.
