Stupid question I'm sure, but does TLS's anonymous DH protect against man-in-the-middle attacks? If so, how? I cannot figure out how it would, and it would seem TLS would be wide open to abuse without MITM protection so I cannot imagine it would be acceptable practice without some form of security.
It does not, and most SSL/TLS implementations/installations do not support anonymous DH in order to avoid this attack. Many wish that anon DH was more broadly used as an intermediate security level between bare, insecure TCP & authenticated TLS, but this is not common at this time.
(Of course, it's not even clear what MITM means for an "anonymous" protocol, given that the layer in question makes no distinction between Bob & Mallet.)
- Tim
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
