[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] iSaSiLk vs. SSLava - using ADH in applet



Note that we have two different Applet solutions:

 . the applet version of standard iSaSiLk (supports all standard
ciphersuites, including ADH)
 . iSaSiLkLight, see
http://jcewww.iaik.at/iSaSiLkAppletEdition/light1.htm

iSaSiLkLight works on any JDK up from 1.0 and is only 42k (compressed
JAR). It supports strong standard ciphersuites (RSA and DH), but not
export or otherwise weak ciphersuites like anonymous DH. You should
realize that DH_anon is vulnerable to active man-in-the-middle attacks,
which require no computational effort and are fairly easy to mount. I can
imagine hardly any scenarios where non authenticated connections are
sufficient.

We plan on updating iSaSiLkLight and could add ADH in the process if that
is important to you. I cannot yet say when that new version will be
available, but it is safe to say that at least a beta will come out
before the end of the year.

Regards,

 Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.tu-graz.ac.at

-----Ursprüngliche Nachricht-----
Von: Gerald Pattillo <gpattill@atd.sprintcorp.com>
An: <iaik-ssl@iaik.tu-graz.ac.at>
Gesendet: Freitag, 17. September 1999 15:54
Betreff: [iaik-ssl] iSaSiLk vs. SSLava - using ADH in applet


>
> We are in the process of licensing iSaSiLk, but are having problems
doing
> ADH key exchange.
> I realize from an earlier message that this is a bug that will be fixed
> shortly, but there is another
> issue.  The applet editition of iSaSiLk only supports RSA, where the
applet
> edition os SSLava will
> do ADH, and it is only 50k (and it also works now).  My question is,
can
> iSaSiLk be easily
> peared down to only do ADH in order to reduce the footprint for applet
use.
> I don't need any of the
> other algorithms because I'm connecting to a known ADH server.  If this
is
> not easily done, maybe
> I should just go with the 50k SSLava package.  Thanks for any info or
> insight.
>
> Gerald



smime.p7s