[OpenID] D-H vs SSL

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Thu Mar 19 14:23:40 UTC 2009


On 03/19/2009 04:19 PM, Ben Laurie:
> On Thu, Mar 19, 2009 at 2:17 PM, Andrew Arnott <andrewarnott at gmail.com> wrote:
>
>> Maybe it's just me, but I don't like the terminology we're using.  DH and
>> SSL are only redundant when used together.
>>      
> I don't understand why. As I said, DH over SSL gives you a shared
> secret, which SSL alone does not.
>    

Exactly!

> But does not protect against MitM, and so is not equivalent. Which is
> not what "complementary" means to me.

+1

Regards
Signer: 	Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Phone: 	+1.213.341.0390
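
The point agreed on in this message (DH yields a shared secret but does not by itself protect against a MitM), shown as an added example that is not part of the original thread. The modulus, generator and function names are constructed for the demo, and the HMAC `channel_key` is an assumed stand-in for the integrity an authenticated SSL session gives to the values carried inside it.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # toy prime modulus (constructed for the demo, far too small for real use)
G = 5           # toy generator (assumption)

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def derive(priv, peer_pub):
    # Hash the raw DH result into a fixed-length key.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def plain_dh(intermediary=False):
    """Unauthenticated DH. Returns (client_key, server_key, keys_held_in_the_middle)."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    if not intermediary:
        return derive(c_priv, s_pub), derive(s_priv, c_pub), set()
    # Each side receives the intermediary's public value instead of its peer's.
    m_priv, m_pub = keypair()
    held = {derive(m_priv, c_pub), derive(m_priv, s_pub)}
    return derive(c_priv, m_pub), derive(s_priv, m_pub), held

def tag(pub, channel_key):
    # Integrity tag the authenticated channel attaches to a DH public value.
    return hmac.new(channel_key, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def dh_over_authenticated_channel(intermediary=False):
    """DH values carried with the channel's tag. Returns both keys, or None if rejected."""
    channel_key = secrets.token_bytes(32)  # stand-in for the authenticated SSL session
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    seen_by_client, s_tag = s_pub, tag(s_pub, channel_key)
    if intermediary:
        seen_by_client = keypair()[1]  # substituted value; the tag cannot be recomputed
    if not hmac.compare_digest(s_tag, tag(seen_by_client, channel_key)):
        return None  # substitution detected, no key is derived
    return derive(c_priv, seen_by_client), derive(s_priv, c_pub)
```

In the plain case with an intermediary, both endpoints finish the exchange without error yet hold different keys, each of which the intermediary also holds; only the authenticated variant notices the substitution.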

