
curl-library

Re: Does curl REALLY ignore CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST?

From: paranoid paranoia <paranoid.paranoia_at_gmail.com>
Date: Tue, 4 Dec 2007 01:14:46 +0100

On Nov 30, 2007 10:32 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> On Fri, 30 Nov 2007, paranoid paranoia wrote:
>
> >> I assume Dan meant that if the _server_ requested anonymous and the client
> >> would agree to that, it would be an easy way for a middle-man to sneak in a
> >> server.
> >
> > Hmm, interesting... you seem to be implying that there's a difference, and
> > I simply cannot fathom why.
>
> It would depend on how intentional the user's decision is and how informed he
> is in how these things work. Given how hard people think SSL already is as it
> works by default, I can imagine that knowledge of the details and specifics of
> using ADH is very rare.

I'd have a hard time trying to argue with that... (-;

> I guess others agree with this, since for example OpenSSL comes with ADH
> disabled by default, the TLS standard mentions ADH as deprecated and RFC3268
> (AES for TLS) specifically mentions several "special care must be taken" if ADH is
> used and also mentions that it is vulnerable to man-in-the-middle attacks.

Sure. I also agree. My only "complaint" was that curl was being slightly
over-zealous and didn't let me use ADH even when I (thought I had) jumped
through several hoops to get it working.

> Not to mention that curl has supported SSL for a large number of years and
> nobody ever reported this as a problem yet... Not even you do, you just come
> up with a possible scenario that some user might experience.

Well... you happen to be right, since what I wanted was PSK and not ADH,
but the overly thorough certificate checks made that impossible as well.
Granted, PSK is not yet supported by the latest stable release of OpenSSL,
so you shouldn't have seen too many problem reports on that one, either. (-;
And, it looks like this will be sorted out before PSK goes mainstream.

--pp
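The thread above is about when curl's peer and host verification (CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST) may legitimately be switched off. On the command line the same switches are `-k` / `--insecure` (and `--proxy-insecure` for the proxy hop), and they tend to end up baked into scripts. The following audit helper is an added example, not curl project code: it scans a file for curl invocations that disable verification, including `k` hidden inside a bundled short-option cluster such as `-sSk`, while leaving `--cacert` and the unrelated `-K` (config file) alone. The sample lines and `example.invalid` hosts are constructed.

```shell
# find_insecure_curl FILE
# Prints "LINE_NO: text" for each line that runs curl with -k, --insecure,
# --proxy-insecure, or a short-option cluster containing k (e.g. -sSk).
# Added example; uses only POSIX sh and awk.
find_insecure_curl() {
    awk '
        # Only look at lines where "curl" appears as a command word.
        /(^|[ \t|;&(])curl([ \t]|$)/ {
            for (i = 1; i <= NF; i++) {
                f = $i
                # Long options are matched exactly; a single-dash cluster is
                # flagged only if it contains a lowercase k (-K is a config file).
                if (f == "--insecure" || f == "--proxy-insecure" ||
                    (f ~ /^-[A-Za-z]+$/ && index(f, "k") > 0)) {
                    print FNR ": " $0
                    next
                }
            }
        }' "$1"
}

# Constructed sample input: the kind of script lines an audit would see.
# Lines 2, 3 and 6 disable verification; 1, 4 and 5 do not.
sample_file() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
curl --cacert /etc/ssl/ca.pem https://example.invalid/api
curl -k https://example.invalid/api
curl -sSL --insecure https://example.invalid/setup.sh | sh
wget --no-check-certificate https://example.invalid/
curl -K ~/.curlrc https://example.invalid/
curl --proxy-insecure -x https://proxy.invalid:3128 https://example.invalid/
EOF
    printf '%s\n' "$f"
}

# Run the audit over the constructed sample.
find_insecure_curl "$(sample_file)"
```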
Received on 2007-12-04