sfs8 pt1
Charles Lindsey
ukcrypto at chiark.greenend.org.uk
Tue, 30 Sep 2008 11:44:55 +0100
On Mon, 29 Sep 2008 22:03:56 +0100, Dave Howe <DaveHowe@gmx.co.uk> wrote:
> Charles Lindsey wrote:
>> Sure, that makes sense. If you are the administrator of the server, then
>> presumably you have access to the public keys anyway, so nothing wrong
>> with using them to debug your IP traces.
>>
>> But the article, as written, seemed to imply that the process could be
>> performed from the client end. It needs to be more carefully written.
>
> I am more concerned that, in the absence of DHE, a RIPa request for the
> server key could decrypt historic data....
Exactly.
But AIUI, it is the server that lists the options it will support, and the
browser that chooses which one will be used. Or is it the other way around?
If it is the browser that chooses, and if, as reported, it chooses the
"first", is that the first in its list, or the first in the server's list?
If it is in _its_ list, then could reordering the list solve the problem?
But, in any case, it will be easier for concerned users to fix their
browsers, or persuade the implementors to do so, than to persuade all the
servers out there to change.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl@clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5