sfs8 pt1
Charles Lindsey
ukcrypto at chiark.greenend.org.uk
Mon, 29 Sep 2008 18:07:33 +0100
On Mon, 29 Sep 2008 13:50:07 +0100, Michael Procter
<michael@procter.org.uk> wrote:
> On Mon, September 29, 2008 12:59 pm, Charles Lindsey wrote:
>> On Fri, 26 Sep 2008 20:08:42 +0100, Dave Howe <DaveHowe@gmx.co.uk>
>> wrote:
>>> http://www.novell.com/communities/node/1606/decrypting+ssl+traffic+troubleshoot+nam
>>
>> I read that page, and failed to understand it.
>
> Yes - the key of the server. The article describes this in the section
> 'Extracting the Private Key':
> "Next, we need to find and extract the private key from the server."
>
> The article is intended for use by people with administrative access to
> the server in question, and not simply access to the browser, although
> that might be required to disable those pesky DHE variants!
Sure, that makes sense. If you are the administrator of the server, then
presumably you have access to the public keys anyway, so nothing wrong
with using them to debug your IP traces.
But the article, as written, seemed to imply that the process could be
performed from the client end. It needs to be more carefully written.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl@clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5