> Ken Goldman wrote:
> > All correct for authentication. There are times that public keys or
> > certificates are encrypted using a DH protocol for privacy. You might
> > not want a man in the middle to track where you go, and a certificate
> > is your identity.
>
> That's somewhat of an oversimplification I believe. Diffie-Hellman is a
> key-exchange protocol, not an encryption protocol. If we're helping this
> chap understand certs a little better let's not confuse him
> inordinately! ;-)
The result of DH is a shared secret. As I understand it, IPsec uses it as a symmetric key for encryption, so that the remainder of the authentication protocol remains private.

-- 
Ken Goldman [EMAIL PROTECTED] 914-784-7646

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
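Ken's point above, that the DH result is a shared secret which then keys the symmetric encryption of the identity exchange, as an added stand-alone illustration (not from this thread, not IPsec's or IKE's actual implementation; standard library only). The group, the KDF and the keystream cipher are constructed stand-ins for the real ones.

```python
import hashlib, hmac, secrets

def is_probable_prime(n: int, rounds: int = 16) -> bool:
    # Miller-Rabin, adequate for a demonstration group
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits: int) -> int:
    # p = 2q + 1 with q prime, so g = 2 lies in a large subgroup (toy group; IKE uses fixed MODP groups)
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1

def dh_keypair(p: int, g: int = 2) -> tuple:
    x = secrets.randbelow(p - 2) + 1          # private exponent, never sent
    return x, pow(g, x, p)                    # (private, public value)

def keystream_xor(shared: int, data: bytes) -> bytes:
    # SHA-256 as a toy KDF, HMAC-SHA256 counter mode as a one-shot keystream (not IKE's cipher)
    key = hashlib.sha256(shared.to_bytes(64, "big")).digest()
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def private_identity_exchange(cert: bytes) -> dict:
    # Alice sends her certificate only after DH has produced the symmetric key.
    p = safe_prime(256)
    a, A = dh_keypair(p)                      # Alice
    b, B = dh_keypair(p)                      # Bob
    k_alice, k_bob = pow(B, a, p), pow(A, b, p)   # g^(ab) mod p on both sides
    wire = keystream_xor(k_alice, cert)       # what a wiretap sees: p, A, B, wire
    return {"observed": (p, A, B, wire), "keys_match": k_alice == k_bob,
            "recovered": keystream_xor(k_bob, wire)}
```

A passive wiretap sees only p, A, B and the ciphertext, so the certificate's identity stays private; an active man in the middle is stopped only by the authentication step that follows, which is why the certificates are still exchanged and verified afterwards.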