Nonrepudiation - in some sense

On Fri, Feb 10, 2006 at 07:49:59PM +0000, Ben Laurie wrote:

> Secondly, obviously, you can only decrypt SSL if you
have the private
> key, so presumably this is referring only to incoming
SSL connections.
> 

And only if EDH (or more generally all PFS) ciphers are
disabled. This
is AFAIK common with HTTP servers, but the majority of TLS
capable MTAs
negotiate EDH ciphers.

-- 

 /" ASCII RIBBON                  NOTICE: If received
in error,
  / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not
waive
 /  HTML MAIL    Morgan Stanley   confidentiality or
privilege,
                                   and use is prohibited.

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com

Victor Duchovni wrote:
> On Fri, Feb 10, 2006 at 07:49:59PM +0000, Ben Laurie
wrote:
> 
>> Secondly, obviously, you can only decrypt SSL if
you have the private
>> key, so presumably this is referring only to
incoming SSL connections.
>>
> 
> And only if EDH (or more generally all PFS) ciphers are
disabled. This
> is AFAIK common with HTTP servers, but the majority of
TLS capable MTAs
> negotiate EDH ciphers.

You refer, of course, to the case where you are trying to
decrypt a
sniffed conversation.

Gotta be careful with the trimming of messages!

-- 
http://www.links.org/

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com