Brian Snyder wrote:
>
>
> In short, this article only applies to SSL embedded clients, and that RSA is
> legal to use to authenticate a signature to a web server (who have paid the
> license fee)... in an embedded SSL client, the client doesnt really use RSA
> for encryption of data. In anycase, I thought a good discussion could be
> had on this topic through this group.
>
Putting aside the legal arguments, the client does actually encrypt data
using SSL for the normal "browser SSL" cipher suites.
The client generates a premaster secret and sends that to the server
encrypted with the servers certified public key. So to use these cipher
suites it needs to encrypt and verify albeit using different keys.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
