[gnutls-dev] Anonymity lost if same DH params re-used for ephemeral RSA/

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnutls-dev] Anonymity lost if same DH params re-used for ephemeral RSA/

From:	Simon Josefsson
Subject:	[gnutls-dev] Anonymity lost if same DH params re-used for ephemeral RSA/DSS too?
Date:	Sun, 21 Dec 2003 09:49:08 +0100
User-agent:	Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3.50 (gnu/linux)

This might not be exactly gnutls specific, but the question grow out
of a usage question of your API: is it OK to use the same D-H
parameters for both the ANON-DH and DHE-RSA/DSS key exchanges?  It
takes several seconds to generate the D-H params, so I'd rather not
generate two sets if it can be avoided.  The issue I'm worried about:
can someone impersonate a server with DHE-RSA/DSS kx, by using the
ANON-DH kx against the real server, if the real server is using the
same D-H parameters for both ANON-DH and DHE-RSA/DSS?  Any other
problems using the same D-H parameters?

I suppose the answer is no, but just wanted to be sure.  I guess I
need a good TLS textbook...

(I know I can store the D-H parameters on disk in PKCS#3 format to
speed up server startup.)

Thanks.

[Prev in Thread]

Current Thread

[Next in Thread]

[gnutls-dev] Anonymity lost if same DH params re-used for ephemeral RSA/DSS too?, Simon Josefsson <=
- Re: [gnutls-dev] Anonymity lost if same DH params re-used for ephemeral RSA/DSS too?, Nikos Mavroyanopoulos, 2003/12/21
  - [gnutls-dev] Re: Anonymity lost if same DH params re-used for ephemeral RSA/DSS too?, Simon Josefsson, 2003/12/21

Prev by Date: Re: [gnutls-dev] Re: dh_param's required in client for anonymous kx in 1.1?
Next by Date: Re: [gnutls-dev] Anonymity lost if same DH params re-used for ephemeral RSA/DSS too?
Previous by thread: [gnutls-dev] dh_param's required in client for anonymous kx in 1.1?
Next by thread: Re: [gnutls-dev] Anonymity lost if same DH params re-used for ephemeral RSA/DSS too?
Index(es):
- Date
- Thread