On Thu, Oct 02, 2003 at 12:06:40AM +0100, M Taylor wrote:
>
> Stupid question I'm sure, but does TLS's anonymous DH protect against
> man-in-the-middle attacks?
No, it doesn't.

> If so, how? I cannot figure out how it would,
> and it would seem TLS would be wide open to abuse without MITM protection so
> I cannot imagine it would be acceptable practice without some form of
> security.

The non DH suites are there in the spec for use when your security model allows. Not many uses of TLS do. Last time I checked, which was a while ago now, very few deployed https servers offered anon DH suites. Which is appropriate since MITM breaks the https security model.

Eric

---------------------------------------------------------------------
The Cryptography Mailing List
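
The point made in the thread above, as an added example that is not part of either poster's message: a toy Diffie-Hellman exchange in which an unauthenticated handshake completes with an interposed relay holding both session keys, while a handshake that authenticates the server's DH value rejects the substitution. The group parameters, function names and the use of an HMAC under a pre-shared key as a stand-in for the server's certificate signature are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy parameters, constructed for illustration; far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # Hash of the DH shared secret, as each side would derive it.
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).hexdigest()

def tag(auth_key, pub):
    # Assumption: HMAC stands in for the server's signature over its DH value.
    return hmac.new(auth_key, str(pub).encode(), hashlib.sha256).digest()

def handshake(relay_present, auth_key=None):
    """Run one exchange; auth_key=None models an anonymous DH suite."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    s_tag = tag(auth_key, s_pub) if auth_key else None
    to_client, to_server, relay_keys = s_pub, c_pub, None
    if relay_present:
        # The relay substitutes its own public value in both directions.
        m_priv, m_pub = keypair()
        to_client = to_server = m_pub
        relay_keys = (session_key(m_priv, c_pub), session_key(m_priv, s_pub))
    # Authenticated case: the client checks the tag against the value it received.
    if auth_key and not hmac.compare_digest(s_tag, tag(auth_key, to_client)):
        return {"accepted": False}
    return {"accepted": True,
            "client": session_key(c_priv, to_client),
            "server": session_key(s_priv, to_server),
            "relay": relay_keys}

if __name__ == "__main__":
    anon = handshake(relay_present=True)
    print("anon DH accepted:", anon["accepted"])
    print("relay holds both keys:", anon["relay"] == (anon["client"], anon["server"]))
    print("authenticated accepted:", handshake(True, b"constructed-key")["accepted"])
```

In the anonymous case neither endpoint has any value to check the received public key against, so the handshake succeeds on both sides even though the two endpoints no longer share a key with each other.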