Re: [swinog] Providers supporting TLS (for SMTP, POP, IMAP, ...)?
Daniel Lorch wrote: > > Are you sure? Isn't that exactly the point of asymmetric cryptography? > > The way I see it, TLS and SSL work like this (analogous to PGP): You're almost right. > > 1. The client connects to the server and obtains the server's public > >key. The public key is a mathematical recipe to encode (but not > >decode) a message for a specific recipient. ACK. > > 2. Using this public key, the client encodes the message (cleartext -> > >ciphertext). Now the interesting part is, that the client isn't able > >to decode this cipher text he just encoded, because he doesn't have > >the private key (that's why it is also necessary to always encrypt > >PGP messages to yourself, otherwise you won't be able to read them > >later on in your "sent" box). SMTP/TLS does not encrypt individual messages - as it's name implies, it works on the *transport* layer. And there, the public key exchange is used to agree on a symmetric session key. Btw., neither server nor client public keys would technically be required; anonymous DH would work as well (although it would not make much sense...). > > I could now connect to the mail server, obtain the public key and > > generate as many cleartext/ciphertext pairs as I want and I still would > > not be able to guess the private key from that information. Of course, known-plaintext, replay and similar attacks on TLS and SSL are theoretically possible. However, I have not heard of practically possible or generally successful attacks. -- Matthias ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Providers supporting TLS (for SMTP, POP, IMAP, ...)?
Hi Daniel On 9/17/06, Daniel Lorch <[EMAIL PROTECTED]> wrote: [..] Are you sure? Isn't that exactly the point of asymmetric cryptography? The way I see it, TLS and SSL work like this (analogous to PGP): [1.2.3.] Almost. The asymetric encryption is only used to negotiate a symetric session key between the peers for various reasons. Michi ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Providers supporting TLS (for SMTP, POP, IMAP, ...)?
On the Sun, Sep 17, 2006 at 11:33:22AM +0200, Michael Naef blubbered: > Hi Daniel > > On 9/17/06, Daniel Lorch <[EMAIL PROTECTED]> wrote: > [..] > >Are you sure? Isn't that exactly the point of asymmetric cryptography? > >The way I see it, TLS and SSL work like this (analogous to PGP): > > [1.2.3.] > > Almost. The asymetric encryption is only used to negotiate a symetric > session key between the peers for various reasons. Mostly it's performance reasons. SSH (which uses SSL as well) does the same. The session key is renewed frequently, default of OpenSSH is 3600 Seconds (1 hour) I'm not sure whether session keys are only negotiated over asymmetric encryption initially or at renewal too. Anyone can clarify this? CU, Ventilator -- Martin Ebnöther, [EMAIL PROTECTED] http://www.semmel.ch/ Videogamer, Techno Musician, Gourmet, R-Typer, Beer drinker, Lefty Symlinker, Playstationeer, Chilihead, Honda driver, Paranoia GM This space for rent. Call 0800-Semmel-Ads ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Providers supporting TLS (for SMTP, POP, IMAP, ...)?
Hi > SMTP/TLS does not encrypt individual messages - as it's name implies, it > works on the *transport* layer. And there, the public key exchange is > used to agree on a symmetric session key. PGP works the same way. The data is encrypted using a random symmetric key, then this symmetric key is encrypted asymmetrically for each recipient. That's why it's possible to send the same message to multiple recipients, without having to encrypt the same data multiple times. Symmetric encryption is also significantly faster. Therefore, everything that applies to SSL/TLS should also apply to PGP - at least from my understanding. Daniel ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
