Will Morton <[EMAIL PROTECTED]> writes:

> I am designing a transport-layer encryption protocol, and obviously wish
> to use as much existing knowledge as possible, in particular TLS, which
> AFAICT seems to be the state of the art.
>
> In TLS/SSL, the client and the server negotiate a 'master secret' value
> which is passed through a PRNG and used to create session keys.

May I ask why you don't just use TLS?

> My question is: why does this secret need to be negotiated? Why can one
> side or another (preference for client) not just pick a secret key and
> use that?

Well, in TLS in RSA mode, the client picks the secret value (technical term: PreMaster Secret), but both sides contribute randomness to ensure that the Master Secret is unique. This is a clean way to ensure key uniqueness and prevent replay attacks.

In DH mode, of course, both sides contribute shares, but that's just how DH works.

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
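The point Ekr makes about both sides contributing randomness can be seen in the master secret derivation itself. The following is an added example, not code from the thread: it implements the TLS 1.2 PRF from RFC 5246 (HMAC-SHA256 P_hash; the SSL3/TLS 1.0 PRF in use when this was written differs, but the inputs are the same) and shows that a fixed, client-chosen PreMaster Secret still yields a different Master Secret whenever the server's random differs. All byte values are constructed for illustration.

```python
import hmac
import hashlib


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_hash (RFC 5246 section 5) instantiated with HMAC-SHA256.

    A(0) = seed, A(i) = HMAC(secret, A(i-1));
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: 48-byte master secret from the PreMaster Secret
    and both Hello randoms. The client alone picks pre_master_secret in RSA
    mode, but the server's 32 random bytes are mixed in here."""
    return tls12_prf(pre_master_secret, b"master secret",
                     client_random + server_random, 48)


def replay_demo() -> tuple[bytes, bytes]:
    """Replay the same client contribution against two server randoms.

    Constructed values: a 48-byte PreMaster Secret (version bytes 03 03 plus
    46 fixed bytes) and a fixed ClientHello.random, as a replaying party
    would resend them; only ServerHello.random changes between sessions.
    """
    pre_master = bytes([0x03, 0x03]) + bytes(range(46))
    client_random = bytes([0x11]) * 32
    server_random_session1 = bytes([0x22]) * 32
    server_random_session2 = bytes([0x33]) * 32
    ms1 = master_secret(pre_master, client_random, server_random_session1)
    ms2 = master_secret(pre_master, client_random, server_random_session2)
    return ms1, ms2


if __name__ == "__main__":
    ms1, ms2 = replay_demo()
    print("session 1 master secret:", ms1.hex())
    print("session 2 master secret:", ms2.hex())
    print("identical:", ms1 == ms2)
```

Because the derivation is deterministic in its inputs, the two sessions differ only through the server's random, which is exactly the contribution that stops a replayed PreMaster Secret from reproducing the old session keys.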
