Does ephemeral key exchange protect against MITM ? I don't think so. Checking fo... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

chmike on Sept 8, 2013 | parent | context | favorite | on: Proposal to Change the Default TLS Ciphersuites Of...

Does ephemeral key exchange protect against MITM ? I don't think so. Checking for that would be difficult I think for a standrad protocol.

hnolable on Sept 8, 2013 [–]

No, the DHE/ECDHE (ephemeral key exchanges) don't protect against MITM, it protects against passive dragnet decryption. But the RSA/ECDSA/DSS part (certificate signing) does. All TLS ciphersuites include certificate signing to protect against MITM, but not all include ephemeral key exchange.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact