[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [iaik-ssl] iSaSiLk vs. SSLava - using ADH in applet

My goal is to avoid the $100,000 minimum RSA license fees.  I tried using DH
key exchange with DSA certificates and it never would work...now that I
about it, maybe that has something to do with the DH bug.  Anyway, I thought
I could
temporarily use ADH during testing, and get the DSA certs working later.  If
supports DH key exchange, DSA certificates, and DES or 3DES, then that will
be even better.

I don't need ADH in iSaSiLkLight, the plan was to use DH instead of ADH
because of the MIM attack.
Does the bug affect regular DH too?  Is that why I could never get a DSA
exchange to work?  If anyone has any sample code/certs that works in
DH-DSA-3DES mode, it would
help a lot.  Thanks.


-----Original Message-----
From: iaik-ssl-owner@iaik.tu-graz.ac.at
[mailto:iaik-ssl-owner@iaik.tu-graz.ac.at]On Behalf Of Andreas Sterbenz
Sent: Friday, September 17, 1999 10:41 AM
To: Gerald Pattillo; iaik-ssl@iaik.tu-graz.ac.at
Subject: Re: [iaik-ssl] iSaSiLk vs. SSLava - using ADH in applet

Note that we have two different Applet solutions:

 . the applet version of standard iSaSiLk (supports all standard
ciphersuites, including ADH)
 . iSaSiLkLight, see

iSaSiLkLight works on any JDK up from 1.0 and is only 42k (compressed
JAR). It supports strong standard ciphersuites (RSA and DH), but not
export or otherwise weak ciphersuites like anonymous DH. You should
realize that DH_anon is vulnerable to active man-in-the-middle attacks,
which require no computational effort and are fairly easy to mount. I can
imagine hardly any scenarios where non authenticated connections are

We plan on updating iSaSiLkLight and could add ADH in the process if that
is important to you. I cannot yet say when that new version will be
available, but it is safe to say that at least a beta will come out
before the end of the year.


 Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.tu-graz.ac.at

-----Ursprüngliche Nachricht-----
Von: Gerald Pattillo <gpattill@atd.sprintcorp.com>
An: <iaik-ssl@iaik.tu-graz.ac.at>
Gesendet: Freitag, 17. September 1999 15:54
Betreff: [iaik-ssl] iSaSiLk vs. SSLava - using ADH in applet

> We are in the process of licensing iSaSiLk, but are having problems
> ADH key exchange.
> I realize from an earlier message that this is a bug that will be fixed
> shortly, but there is another
> issue.  The applet editition of iSaSiLk only supports RSA, where the
> edition os SSLava will
> do ADH, and it is only 50k (and it also works now).  My question is,
> iSaSiLk be easily
> peared down to only do ADH in order to reduce the footprint for applet
> I don't need any of the
> other algorithms because I'm connecting to a known ADH server.  If this
> not easily done, maybe
> I should just go with the 50k SSLava package.  Thanks for any info or
> insight.
> Gerald

Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-ssl