On Wed, 18 May 2005, Ken Goldman wrote:
> All correct for authentication. There are times that public keys or certificates are encrypted using a DH protocol for privacy. You might not want a man in the middle to track where you go, and a certificate is your identity.
Correct me if I'm wrong, but my understanding is that you should never be afraid of exposing your certificate. A certificate alone does NOT prove your identity. You must always prove your identity by using your private key to respond to a challenge. So there is no need to protect the certificate.
No one could say that YOU have visited a place just because someone has shown them your certificate, without proving its ownership using the corresponding private key.
Under what circumstances do you use DH to protect the transfer of a certificate? My understanding is that DH is mostly used to establish a secure channel through which you exchange the key for a symmetric cipher used for the encryption of the data that will follow.
//Mathias
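The challenge-response proof of possession described in the message above, sketched with the openssl command line as an added example that is not part of the original thread. It assumes the `openssl` CLI is on the PATH; the subject names, file names and helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: all keys, names and paths below are constructed for illustration.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a private key plus a self-signed certificate with the given CN.
make_identity() {  # $1 = file prefix, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Verifier side: issue a fresh random challenge (nonce).
new_challenge() {  # $1 = output file
    openssl rand -hex 32 > "$1"
}

# Prover side: sign the challenge with a private key.
respond() {  # $1 = private key, $2 = challenge file, $3 = signature output
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Verifier side: check the response using only the public key in the certificate.
check_response() {  # $1 = certificate, $2 = challenge file, $3 = signature
    openssl x509 -in "$1" -pubkey -noout > "$WORK/pub.pem" &&
    openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$3" "$2" >/dev/null 2>&1
}

make_identity owner "owner.example"   # holds owner.key and owner.crt
make_identity other "other.example"   # holds a copy of owner.crt, but not owner.key

new_challenge "$WORK/nonce1"
respond "$WORK/owner.key" "$WORK/nonce1" "$WORK/sig_owner"
respond "$WORK/other.key" "$WORK/nonce1" "$WORK/sig_other"

check_response "$WORK/owner.crt" "$WORK/nonce1" "$WORK/sig_owner" &&
    echo "holder of the private key: accepted"
check_response "$WORK/owner.crt" "$WORK/nonce1" "$WORK/sig_other" ||
    echo "holder of the certificate only: rejected"

# A response recorded earlier does not verify against a new challenge.
new_challenge "$WORK/nonce2"
check_response "$WORK/owner.crt" "$WORK/nonce2" "$WORK/sig_owner" ||
    echo "replayed response: rejected"
```

The verifier never needs anything beyond the certificate, which is why the certificate can be public while the proof still depends on the private key and on the challenge being fresh.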