NetScape's dependence upon RSA down for the count!

John L. Bass jbass at dmsd.com
Sat Sep 30 15:40:11 PDT 1995


>   jbass at dmsd.com writes:
>    > client ->       filter                          Client sends packet with K(c)
>    >                 filter ->       Server          filter forwards packet with K(f)
>    >                 filter       <- Server          Server sends encrypts with K(f)
>    > client       <- filter                          filter re-encrypts with K(c)
>    >
>    > As the protocol progresses the filter also uses the master key,
>    > and follows the renegotiation as the master key expires.
> 
> Yeah, but in order for this to work, the fake server needs to know
> netscape.com's private (secret) key, no?
> 
> -jon

No ... the public part of any server private key is held by the filter
and not returned to the client. The client only encrypts with public
keys provided by the filter. The Server only encrypts with public keys
provided by the filter. The filter has cleartext of the entire session.

John
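
The key substitution described in this message, as an added example that is not part of the original post: a toy in-memory simulation (textbook RSA over small fixed primes, constructed values, not secure) showing that the filter reads the session key when the client accepts whatever public key it is offered, and that a client comparing the offered key against a fingerprint obtained out of band aborts instead. The names `run_session`, `pinned_fp`, `SERVER` and `FILTER` are assumptions made for illustration.

```python
import hashlib

# Toy textbook RSA over fixed Mersenne primes: constructed values, NOT secure.
def make_key(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return {"pub": (n, e), "priv": (n, pow(e, -1, phi))}

def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)

def fingerprint(pub):
    # Stable digest of the public key, used as an out-of-band pin.
    return hashlib.sha256(repr(pub).encode()).hexdigest()

SERVER = make_key(2**31 - 1, 2**61 - 1)   # server's real key pair (hypothetical)
FILTER = make_key(2**19 - 1, 2**89 - 1)   # key pair generated by the filter

def run_session(session_key, pinned_fp=None):
    """Simulate the exchange in the diagram; return what each party holds."""
    # The filter keeps the server's public key and offers the client its own.
    offered = FILTER["pub"]
    # Client-side check: compare the offered key with a fingerprint obtained
    # out of band. Without this check the swap is invisible to the client.
    if pinned_fp is not None and fingerprint(offered) != pinned_fp:
        return {"client_aborted": True, "filter_saw": None, "server_got": None}
    to_filter = encrypt(offered, session_key)      # client -> filter, K(c)
    seen = decrypt(FILTER["priv"], to_filter)      # filter holds cleartext
    to_server = encrypt(SERVER["pub"], seen)       # filter -> server, K(f)
    return {"client_aborted": False, "filter_saw": seen,
            "server_got": decrypt(SERVER["priv"], to_server)}

if __name__ == "__main__":
    key = 0xC0FFEE1995  # constructed sample session key
    print(run_session(key))
    print(run_session(key, pinned_fp=fingerprint(SERVER["pub"])))
```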






