On Wed, May 20, 2009 at 03:18:34PM -0500, AngelWarrior wrote:

> Thank you for replying.
> I am thinking of this design. Is this feasible? My design approach is mainly
> based on
> "I don't need to know with whom I am contacting but after contact my messages
> should be private."

For pseudonymous security, where authentication is boot-strapped from
an insecure initial introduction:

    Post the server certificate on a web-site, have clients download it the
    first time, and cache it for its lifetime. You can sign each generation
    of the server cert with the previous cert using S/MIME or similar.

For one-shot message confidentiality against passive eavesdroppers:

    Use anonymous TLS cipher-suites that don't have any certificates at all.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
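
The first suggestion above (cache the server certificate on first download, accept a new generation only when it is signed by the previous one), as an added Python example that is not from the original message or the OpenSSL project. `PinStore`, `PinMismatch` and the `verify_rollover` callback are hypothetical names; the signature check itself (S/MIME or similar) is left to that caller-supplied callback, and certificate validity dates are not checked.

```python
import hashlib, json, os, tempfile

class PinMismatch(Exception):
    """Presented certificate is neither the cached one nor a signed successor."""

class PinStore:
    """Trust-on-first-use cache: one server certificate (DER bytes) per host."""

    def __init__(self, path):
        self.path, self.pins = path, {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def _pin(self, host, cert_der):
        self.pins[host] = cert_der.hex()
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:       # write, then rename: a crash cannot
            json.dump(self.pins, f)     # leave a truncated cache behind
        os.replace(tmp, self.path)

    def check(self, host, cert_der, rollover_sig=None, verify_rollover=None):
        """Return 'first-use', 'match' or 'rollover'; raise PinMismatch otherwise.

        verify_rollover(old_der, new_der, sig) -> bool is a hypothetical,
        caller-supplied hook that must confirm sig over new_der was made with
        the key of old_der (for example by wrapping an S/MIME verification).
        """
        cached = self.pins.get(host)
        if cached is None:
            self._pin(host, cert_der)   # the single unauthenticated step
            return "first-use"
        old_der = bytes.fromhex(cached)
        if old_der == cert_der:
            return "match"
        if (rollover_sig is not None and verify_rollover is not None
                and verify_rollover(old_der, cert_der, rollover_sig)):
            self._pin(host, cert_der)   # next generation vouched for by the last
            return "rollover"
        raise PinMismatch("%s: got %s, cached %s" % (
            host, hashlib.sha256(cert_der).hexdigest()[:16],
            hashlib.sha256(old_der).hexdigest()[:16]))

if __name__ == "__main__":
    # Constructed byte strings stand in for DER certificates.
    store = PinStore(os.path.join(tempfile.mkdtemp(), "pins.json"))
    print(store.check("server.example", b"constructed-cert-gen1"))
    print(store.check("server.example", b"constructed-cert-gen1"))
    try:
        store.check("server.example", b"constructed-other-cert")
    except PinMismatch as e:
        print("rejected:", e)
```

A changed certificate with no valid signature from the cached one is rejected rather than silently re-pinned, so only the very first download is exposed to an active attacker.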
