AngelWarrior wrote:

> Thank you for replying.
> I am thinking of this design. Is this feasible? My design approach
> is mainly based on
> "I don't need to know with whom I am contacting, but after contact
> my messages should be private."

I don't think this is a coherent approach unless you layer some kind of
authentication on top of it. For example, you cannot set up authentication
of this type and then send a password, because you have no idea who you are
sending it to.

Suppose Alice wants to send some message to Bob. The problem is, she never
knows if she has:
Alice <-> Bob
or
Alice <-> MITM <-> Bob

And if she has the bottom, your messages are not private. The MITM can
detect them.

So you never know if there is someone between you and the actual originator
of the data. I can't see how this could be useful unless you do one of
several things that you don't seem to be doing. (For example, using Shamir's
Interlock protocol, using a second-round of authentication against the SSL
finished messages, or using secure challenge-response authentication to
prove identity.)

> 1. (client) create a normal socket and connect to the server
> 2. (server) After receiving the connection send Diffie-Hellman
> parameters
> 3. (client) compute my key and pass the params for DH
> 4. (server) compute the key number
> 6. (client) Multiple (n==10) key exchange using DH
> 5. (server) Multiple (n==10) key exchange using DH
> 7. (server) generate the public key and encrypt with the key
> which we have already exchanged.
> 8. (server) Send the key to client and disconnect the normal socket.
> 10. (client) after receiving the key close the connection.
> 11. (client) Start a normal openssl connection.

Why not just let SSL and an anonymous protocol do the whole thing? I don't
see any benefit to all the early steps. And I don't see how this would be
useful if you don't implement MITM detection elsewhere or otherwise design
the next protocol up to reject a MITM.

Most people who say they want to do what you are doing don't realize that
they really do need MITM detection. They think "I don't care who's at the
other end, so I don't need a known certificate", but the problem is that you
can't know that the data is actually originating with the other end of the
SSL connection without MITM detection.

What's the point of encryption if you don't know if you're talking to Bob,
or Bob through a MITM? You can't hide the data from the MITM, so why bother
encrypting?

DS
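The "Alice <-> MITM <-> Bob" situation described in the reply, as an added simulation that is not part of the original thread: an unauthenticated Diffie-Hellman exchange is run once directly and once through an interceptor who simply holds two separate exchanges, so each endpoint derives a key the interceptor also knows. The `auth_string()` check is an assumed defensive addition, a short hash of the public values each side actually saw, which the endpoints would have to compare over an already-authenticated channel (the "second-round of authentication" the reply mentions); it differs whenever the exchange was relayed.

```python
import hashlib
import secrets

# Toy group (constructed for the demo; 2**61-1 is prime but not a safe prime
# and far too small for real use). Real code uses a standard DH group.
P = 2**61 - 1
G = 2


class Party:
    """One endpoint of an unauthenticated DH exchange."""

    def __init__(self, name):
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)
        self.peer_pub = None  # whatever public value arrived on the socket

    def receive(self, peer_pub):
        self.peer_pub = peer_pub

    def shared_key(self):
        secret = pow(self.peer_pub, self.priv, P)
        return hashlib.sha256(secret.to_bytes(8, "big")).digest()

    def auth_string(self):
        # Hash of both public values as *this* party saw them. Compared over
        # an authenticated channel, a mismatch reveals a relayed exchange.
        lo, hi = sorted((self.pub, self.peer_pub))
        return hashlib.sha256(f"{lo}:{hi}".encode()).hexdigest()[:8]


def run_exchange(intercepted):
    """Run Alice<->Bob directly, or Alice<->Mallory<->Bob, and report."""
    alice, bob = Party("Alice"), Party("Bob")
    if not intercepted:
        bob.receive(alice.pub)
        alice.receive(bob.pub)
        mallory_keys = set()
    else:
        # Mallory terminates each side with her own key pair; neither
        # endpoint can tell, because nothing binds the values to an identity.
        m_to_alice, m_to_bob = Party("Mallory/A"), Party("Mallory/B")
        m_to_alice.receive(alice.pub)
        alice.receive(m_to_alice.pub)
        m_to_bob.receive(bob.pub)
        bob.receive(m_to_bob.pub)
        mallory_keys = {m_to_alice.shared_key(), m_to_bob.shared_key()}
    return {
        "keys_match": alice.shared_key() == bob.shared_key(),
        "auth_strings_match": alice.auth_string() == bob.auth_string(),
        "mallory_knows_alice_key": alice.shared_key() in mallory_keys,
        "mallory_knows_bob_key": bob.shared_key() in mallory_keys,
    }
```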


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org