> One final addition here, the situation for PSK depends on the flavour > and whether you are talking about active or passive attackers. The > statement is true for plain PSK, but less so for DHE_PSK and RSA_PSK. > Section 7.2 of 4279: > > For the PSK ciphersuites, an attacker can get the information > required for an off-line attack by eavesdropping on a TLS handshake, > or by getting a valid client to attempt connection with the attacker > (by tricking the client to connect to the wrong address, or by > intercepting a connection attempt to the correct address, for > instance). > > For the DHE_PSK ciphersuites, an attacker can obtain the information > by getting a valid client to attempt connection with the attacker. > Passive eavesdropping alone is not sufficient. > > For the RSA_PSK ciphersuites, only the server (authenticated using > RSA and certificates) can obtain sufficient information for an > off-line attack. In the general case, I don't think it is useful to differentiate between passive and active attackers. Performing man-in-the-middle attacks is no more difficult (in a big-O sense) than performing passive attacks. In almost every modern network, these attacks require the same level of network access. Just a pet peeve of mine. cheers, timReceived on Friday, 7 January 2011 17:42:45 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:36 GMT