Jeff,

    That is correct, all the payload data is MAC'ed using shared symmetric
keys, so repudiation by either peer claiming tampering by the other is
possible.

_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________



----- Original Message -----
From: "Jeffrey Burgoyne" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 07, 2001 10:32 AM
Subject: Re: Question on client authentication and signing


>
> Greg;
>
> Thanks. Therefore if I read this right, all the actual data
> passed across the session (i.e. all the real data passed after the
> handshake has been completed) is encoded with the symmetrically generated
> key only and hence could not be used for non-repudiation?
>
> Jeff
>
>
> On Wed, 7 Mar 2001, Greg Stark wrote:
>
> > Jeffrey,
> >
> >     The short answer is neither. The client's only use of its private key is
> > to sign a hash of the handshake messages, one of which includes the server
> > random value.
> >
> > _____________________________________
> > Greg Stark
> > Ethentica, Inc.
> > [EMAIL PROTECTED]
> > _____________________________________
> >
> >
> >
> > ----- Original Message -----
> > From: "Jeffrey Burgoyne" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, March 07, 2001 9:46 AM
> > Subject: Question on client authentication and signing
> >
> >
> > > People;
> > >
> > > I've been asked to review a document for some PKI system which
> > > deals with some issues I have not come across before and was hoping
> > > someone could verify what I believe is true. This is more a browser/SSL
> > > issue than openssl, but I think I can generalize it enough.
> > >
> > > If an SSL server requires a client certificate, are all
> > > transmissions passed to the server encoded with the private key of the
> > > client, or just the initial secret key exchange? I'd assume just the
> > > initial key exchange from what I know of the SSL protocol.
> > >
> > > Thanks
> > >
> > > Jeffrey Burgoyne
> > > [EMAIL PROTECTED]
> > >
> > >
> > > ______________________________________________________________________
> > > OpenSSL Project                                 http://www.openssl.org
> > > User Support Mailing List                    [EMAIL PROTECTED]
> > > Automated List Manager                           [EMAIL PROTECTED]
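Added example, not part of the original thread and not OpenSSL code: a sketch of why a record-layer MAC gives no non-repudiation. It uses the TLS 1.0 (RFC 2246) MAC input layout; `derive_mac_keys` is a simplified stand-in for the real key-block expansion, HMAC-SHA256 is chosen for the sketch, and the master secret, payloads and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23        # TLS record content type
TLS_1_0 = (3, 1)             # record-layer version bytes


def derive_mac_keys(master_secret: bytes) -> dict:
    """Stand-in for the TLS key-block expansion (assumption, not the real PRF).

    Both peers run this on the same master secret, so both end up holding
    the client-write AND the server-write MAC key.
    """
    return {
        side: hmac.new(master_secret, side.encode() + b" write MAC",
                       hashlib.sha256).digest()
        for side in ("client", "server")
    }


def record_mac(mac_key: bytes, seq: int, fragment: bytes) -> bytes:
    """HMAC over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBBBH", seq, APPLICATION_DATA, *TLS_1_0, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()


def verify_record(mac_key: bytes, seq: int, fragment: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(record_mac(mac_key, seq, fragment), tag)


def demo() -> dict:
    master = b"constructed-master-secret-for-demo"   # constructed sample value
    client_keys = derive_mac_keys(master)   # client's view of the session
    server_keys = derive_mac_keys(master)   # server's view: identical keys

    # A record the client really sent.
    genuine = b"PAY 10 TO ALICE"
    genuine_tag = record_mac(client_keys["client"], 0, genuine)
    # A record the server writes later with the client-write key it also holds.
    forged = b"PAY 9999 TO ALICE"
    forged_tag = record_mac(server_keys["client"], 0, forged)

    # An arbiter handed the session keys cannot tell which peer made which tag.
    return {
        "keys_shared": client_keys == server_keys,
        "genuine_ok": verify_record(client_keys["client"], 0, genuine, genuine_tag),
        "forged_ok": verify_record(client_keys["client"], 0, forged, forged_tag),
    }


if __name__ == "__main__":
    print(demo())
```

Both tags verify under the same key, so the MAC proves integrity to the two peers but proves nothing about authorship to a third party; only the client's signature over the handshake hash is bound to its private key.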