Re: [TLS] Asking the browser for a different certificate

Kyle Hamilton, Mon, 29 March 2010 23:22 UTC

On Mon, Mar 29, 2010 at 1:03 PM, Michael D'Errico wrote:
> Kyle Hamilton wrote:
>> I thought this was what the ADH ciphers were supposed to handle:
>> create a private channel, and then authenticate each end of that
>> channel inside the protection of the ciphered channel.
> There is no way to know if you've negotiated ADH with an attacker.

There's no way to know if you've negotiated ADH with an attacker --
but you've only got one attacker, Mallory.  If you have a whole bunch
of Eves out there, who's to say they won't be able to put two and two
together and pinpoint you for attack even if you haven't connected to
a Mallory?

There is no way to know that Mallory will not broadcast the fact that
you connected with him under the pretense of being someone else, but
if he does that he's admitting to digital fraud and deceit anyway.

In most cases, I believe that security policies should make it more
expensive to recover a message than the message is worth -- but not an
order of magnitude more.  Maybe twice as expensive.  The more CPU time
used in attacking, the more electricity must be used (many, many watts
get dissipated as heat), which costs money.  The more sets of eyes
looking at it, the more costly it becomes.

-Kyle H