Re: tlsverifyclient security implications

2009-08-24 Thread Philip Guenther
On Mon, 24 Aug 2009, Emmanuel Dreyfus wrote:
> Howard Chu wrote:
> > But certificates are not a required element for encryption of a
> > connection - after all, TLS also supports anonymous Diffie-Hellman key
> > exchange.
>
> Sure, but encryption without authentication makes little sense, as yo

Re: Assertion failure in ldapsearch

2009-08-24 Thread Aaron Richton
On Sat, 22 Aug 2009, Guillaume Rousse wrote: to let the ldap server in a bad mood. Isn't there any way to replay answer parsing from the network capture ? Sometimes it's not that easy. A lot of things are timing-dependent, or need a particular memory access (such that the prior contents and/o

Re: tlsverifyclient security implications

2009-08-24 Thread Josh Mullis
Thank you all for your responses. You guys are awesome!
This is what I've been worried about with the encryption. I wanted to make sure the encryption was "secure", so to speak.
-Josh
On Mon, 2009-08-24 at 08:30 -0400, Emmanuel Dreyfus wrote:
> Howard Chu wrote:
>
> > But certificates a

Re: tlsverifyclient security implications

2009-08-24 Thread Emmanuel Dreyfus
Howard Chu wrote:
> But certificates are not a required element for encryption of a connection -
> after all, TLS also supports anonymous Diffie-Hellman key exchange.
Sure, but encryption without authentication makes little sense, as you don't know who you are securely speaking to: you can get a

Re: tlsverifyclient security implications

2009-08-24 Thread Michael Ströder
Howard Chu wrote: > Michael Ströder wrote: >> Howard Chu wrote: >>> josh.mul...@cox.com wrote: ..."If the client does not send a certificate, it can still connect." Does that mean that traffic is still encrypted if a certificate is not used? >>> >>> Yes. Certificates a

Re: tlsverifyclient security implications

2009-08-24 Thread Howard Chu
Michael Ströder wrote: Howard Chu wrote: josh.mul...@cox.com wrote: ..."If the client does not send a certificate, it can still connect." Does that mean that traffic is still encrypted if a certificate is not used? Yes. Certificates are only for authentication, not encrypting the traffic.

Re: tlsverifyclient security implications

2009-08-24 Thread Michael Ströder
Howard Chu wrote:
> josh.mul...@cox.com wrote:
>>
>> ..."If the client does not send a certificate, it can still connect."
>>
>>
>> Does that mean that traffic is still encrypted if a certificate is not
>> used?
>
> Yes. Certificates are only for authentication, not encrypting the
> traffic.
Howa