[gnutls-dev] Anonymity lost if same DH params re-used for ephemeral RSA/DSS too?

Simon Josefsson simon+gnutls-dev at josefsson.org
Sun Dec 21 09:49:08 CET 2003


This might not be exactly gnutls specific, but the question grow out
of a usage question of your API: is it OK to use the same D-H
parameters for both the ANON-DH and DHE-RSA/DSS key exchanges?  It
takes several seconds to generate the D-H params, so I'd rather not
generate two sets if it can be avoided.  The issue I'm worried about:
can someone impersonate a server with DHE-RSA/DSS kx, by using the
ANON-DH kx against the real server, if the real server is using the
same D-H parameters for both ANON-DH and DHE-RSA/DSS?  Any other
problems using the same D-H parameters?

I suppose the answer is no, but just wanted to be sure.  I guess I
need a good TLS textbook...

(I know I can store the D-H parameters on disk in PKCS#3 format to
speed up server startup.)

Thanks.




More information about the Gnutls-dev mailing list