[OpenID] D-H vs SSL
Ben Laurie
benl at google.com
Thu Mar 19 17:31:49 UTC 2009
On Thu, Mar 19, 2009 at 5:22 PM, Martin Atkins <mart at degeneration.co.uk> wrote:
> Ben Laurie wrote:
>>
>> On Thu, Mar 19, 2009 at 2:17 PM, Andrew Arnott <andrewarnott at gmail.com>
>> wrote:
>>>
>>> Maybe it's just me, but I don't like the terminology we're using. DH and
>>> SSL are only redundant when used together.
>>
>> I don't understand why. As I said, DH over SSL gives you a shared
>> secret, which SSL alone does not. Of course there are cheaper ways to
>> arrive at a shared secret over SSL, but that's not the point.
>>
>>> Otherwise they're complementary.
>>> If SSL cannot be used, for whatever reason, DH is mandatory.
>>
>> But does not protect against MitM, and so is not equivalent. Which is
>> not what "complementary" means to me.
>>
>
> I believe what's being discussed here is using the secure channel to
> exchange a shared secret in "cleartext" (as far as the application layer is
> concerned).
>
> This is actually already permitted by the spec, but the spec does not say
> that it is *required* to use the "cleartext" session mode when on a secure
> channel. This is the change that I think is being proposed here.
Ah. I see.
So, I am going to be lazy, because I have not checked the spec, but
its considered good practice when establishing a shared secret for
both sides to contribute to that secret. Is that true for the
cleartext secret?
>
>
More information about the general
mailing list