[OpenID] D-H vs SSL
Martin Atkins
mart at degeneration.co.uk
Thu Mar 19 17:22:07 UTC 2009
Ben Laurie wrote:
> On Thu, Mar 19, 2009 at 2:17 PM, Andrew Arnott <andrewarnott at gmail.com> wrote:
>> Maybe it's just me, but I don't like the terminology we're using. DH and
>> SSL are only redundant when used together.
>
> I don't understand why. As I said, DH over SSL gives you a shared
> secret, which SSL alone does not. Of course there are cheaper ways to
> arrive at a shared secret over SSL, but that's not the point.
>
>> Otherwise they're complementary.
>> If SSL cannot be used, for whatever reason, DH is mandatory.
>
> But does not protect against MitM, and so is not equivalent. Which is
> not what "complementary" means to me.
>
I believe what's being discussed here is using the secure channel to
exchange a shared secret in "cleartext" (as far as the application layer
is concerned).
This is actually already permitted by the spec, but the spec does not
say that it is *required* to use the "cleartext" session mode when on a
secure channel. This is the change that I think is being proposed here.
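The two association modes under discussion, simulated end to end as an added example (this is illustrative code written for this page, not code from the original message or from any OpenID library). `dh_sha256_association` runs the RP and OP halves of an OpenID 2.0 `DH-SHA256` association, so that the MAC key crosses the wire only masked with the hash of the DH shared secret; `no_encryption_association` is the "cleartext" session type Martin refers to, where the MAC key is sent as-is and the spec permits it only over an encrypted transport. The `active_attacker` switch shows Ben's point: nothing in the exchange authenticates either party, so an on-path attacker can run its own DH with each side and learn the MAC key. Assumptions: the default modulus and generator are copied from memory of OpenID 2.0 section 8.1.2 (verify against the spec before relying on them for interop); the association handle, the tuple return shape, and the message dictionaries standing in for HTTP form/Key-Value bodies are constructed for the example.

```python
"""Simulated OpenID 2.0 association (RP <-> OP) in the two session types the
thread contrasts: DH-SHA256 and no-encryption. Example code, not a library."""
import base64
import hashlib
import os
import secrets

# Assumption: default DH modulus/generator from OpenID 2.0 section 8.1.2,
# copied from memory. The mechanics below do not depend on this exact value.
DEFAULT_MOD = int(
    "DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61E"
    "F75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D268370557"
    "7D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E382"
    "6634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB", 16)
DEFAULT_GEN = 2


def btwoc(n: int) -> bytes:
    """Shortest big-endian two's-complement encoding of a non-negative int."""
    if n < 0:
        raise ValueError("btwoc is defined for non-negative integers")
    out = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return b"\x00" + out if out[0] & 0x80 else out


def unbtwoc(b: bytes) -> int:
    return int.from_bytes(b, "big")


def b64(b: bytes) -> str:
    return base64.b64encode(b).decode("ascii")


def unb64(s: str) -> bytes:
    return base64.b64decode(s)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def mask(shared_secret: int, key: bytes) -> bytes:
    """enc_mac_key = SHA256(btwoc(g^xy mod p)) XOR mac_key (DH-SHA256)."""
    return xor_bytes(hashlib.sha256(btwoc(shared_secret)).digest(), key)


def dh_sha256_association(p=DEFAULT_MOD, g=DEFAULT_GEN, active_attacker=False):
    """Return (op_mac_key, rp_mac_key, attacker_mac_key_or_None, wire)."""
    # RP: pick x, send g^x along with the group parameters.
    x = secrets.randbelow(p - 2) + 1
    rp_pub = pow(g, x, p)
    request = {
        "openid.mode": "associate",
        "openid.assoc_type": "HMAC-SHA256",
        "openid.session_type": "DH-SHA256",
        "openid.dh_modulus": b64(btwoc(p)),
        "openid.dh_gen": b64(btwoc(g)),
        "openid.dh_consumer_public": b64(btwoc(rp_pub)),
    }
    wire = [("RP->OP", request)]
    attacker_key = None
    if active_attacker:
        # Unauthenticated DH: the attacker swaps in its own public value.
        z = secrets.randbelow(p - 2) + 1
        atk_pub = pow(g, z, p)
        request = {**request, "openid.dh_consumer_public": b64(btwoc(atk_pub))}
        wire.append(("ATK->OP", request))
    # OP: pick y and a fresh 32-byte MAC key, mask it with H(g^xy).
    y = secrets.randbelow(p - 2) + 1
    op_pub = pow(g, y, p)
    mac_key = os.urandom(32)
    peer_pub = unbtwoc(unb64(request["openid.dh_consumer_public"]))
    response = {
        "ns": "http://specs.openid.net/auth/2.0",
        "assoc_handle": "h-" + secrets.token_hex(8),  # constructed handle
        "session_type": "DH-SHA256",
        "assoc_type": "HMAC-SHA256",
        "expires_in": "1209600",
        "dh_server_public": b64(btwoc(op_pub)),
        "enc_mac_key": b64(mask(pow(peer_pub, y, p), mac_key)),
    }
    wire.append(("OP->ATK" if active_attacker else "OP->RP", response))
    if active_attacker:
        # Attacker unmasks with its DH secret, then re-masks for the real RP.
        attacker_key = mask(pow(op_pub, z, p), unb64(response["enc_mac_key"]))
        response = {**response,
                    "dh_server_public": b64(btwoc(atk_pub)),
                    "enc_mac_key": b64(mask(pow(rp_pub, z, p), attacker_key))}
        wire.append(("ATK->RP", response))
    # RP: recover the MAC key from whatever server public value it received.
    srv_pub = unbtwoc(unb64(response["dh_server_public"]))
    rp_mac_key = mask(pow(srv_pub, x, p), unb64(response["enc_mac_key"]))
    return mac_key, rp_mac_key, attacker_key, wire


def no_encryption_association(over_tls: bool):
    """The 'cleartext' session type: mac_key travels unmasked, so the spec
    only allows it when the transport itself is encrypted."""
    if not over_tls:
        raise ValueError("session_type no-encryption requires HTTPS")
    request = {"openid.mode": "associate", "openid.assoc_type": "HMAC-SHA256",
               "openid.session_type": "no-encryption"}
    mac_key = os.urandom(32)
    response = {"ns": "http://specs.openid.net/auth/2.0",
                "assoc_handle": "h-" + secrets.token_hex(8),  # constructed
                "session_type": "no-encryption", "assoc_type": "HMAC-SHA256",
                "expires_in": "1209600", "mac_key": b64(mac_key)}
    return mac_key, mac_key, None, [("RP->OP", request), ("OP->RP", response)]


def mac_key_visible_on_wire(mac_key: bytes, wire) -> bool:
    """What a passive observer of the unencrypted messages would learn."""
    return any(b64(mac_key) in msg.values() for _, msg in wire)


if __name__ == "__main__":
    for name, result in (("DH-SHA256", dh_sha256_association()),
                         ("DH-SHA256 + MitM", dh_sha256_association(active_attacker=True)),
                         ("no-encryption", no_encryption_association(over_tls=True))):
        op_key, rp_key, atk_key, wire = result
        print(f"{name}: keys agree={op_key == rp_key}, attacker knows key="
              f"{atk_key == op_key}, visible on wire={mac_key_visible_on_wire(op_key, wire)}")
```

Run as a script it prints one line per mode; the DH mode keeps the key off the wire against a passive observer but not against the active attacker, and the no-encryption mode leaks it outright unless the transport is already protected, which is exactly why the spec ties that session type to a secure channel.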