[Security] TLS-SRP Questions

Dirk Meyer dmeyer at tzi.de
Thu Aug 21 14:19:35 CDT 2008

Jonathan Dickinson wrote:
> And my hard-laboured formatting got messed up.


> Initiator opens connection
> Target gets connection and presents certificate
> Initiator verifies certificate with IC -> Fail if invalid
> Initiator presents certificate
> Target verifies certificate -> Fail if invalid
> Success
> The point is, from what I can tell, TLS supports all of that.

Yes, but the question is how to verify a certificate from someone you
do not know which is not signed by a CA. Or I'm I missing something in
your argumentation?


A bad random number generator: 1, 1, 1, 1, 1, 4.33e+67, 1, 1, 1...

More information about the Security mailing list