[gnutls-dev] Anonymity lost if same DH params re-used for ephemeral RSA/DSS too?
Simon Josefsson
simon+gnutls-dev at josefsson.org
Sun Dec 21 09:49:08 CET 2003
This might not be exactly gnutls specific, but the question grow out
of a usage question of your API: is it OK to use the same D-H
parameters for both the ANON-DH and DHE-RSA/DSS key exchanges? It
takes several seconds to generate the D-H params, so I'd rather not
generate two sets if it can be avoided. The issue I'm worried about:
can someone impersonate a server with DHE-RSA/DSS kx, by using the
ANON-DH kx against the real server, if the real server is using the
same D-H parameters for both ANON-DH and DHE-RSA/DSS? Any other
problems using the same D-H parameters?
I suppose the answer is no, but just wanted to be sure. I guess I
need a good TLS textbook...
(I know I can store the D-H parameters on disk in PKCS#3 format to
speed up server startup.)
Thanks.
More information about the Gnutls-devel
mailing list