Eric Rescorla wrote:

May I ask why you don't just use TLS?


I would if I could, believe me. :o)

The negotiated key will be used for both reliable (TCP-like) and non-reliable (UDP-like) connections, all tunnelled over a single UDP port for NAT-busting purposes. For the TCP-like component, I want to follow TLS as much as possible for obvious reasons.


Well, in TLS in RSA mode, the client picks the secret value (technical
term: PreMaster Secret) but both sides contribute randomness to ensure
that the Master Secret is unique. This is a clean way to
ensure key uniqueness and prevent replay attacks.

In DH mode, of course, both sides contribute shares, but that's
just how DH works.


That's what I figured.  Thanks Eric.

W
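The RSA-mode derivation Eric describes above, as an added example (this is not code from the original thread or from any TLS implementation): the TLS 1.2 PRF from RFC 5246 mixes the client-chosen PreMaster Secret with ClientHello.random and ServerHello.random, so a replayed ClientHello plus the same encrypted PreMaster Secret still yields a different Master Secret once the honest server picks fresh randomness. All key and random values below are constructed for illustration.

```python
import hmac
import hashlib


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256.

    A(0) = seed, A(i) = HMAC(secret, A(i-1));
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    # PRF(secret, label, seed) = P_SHA256(secret, label + seed) for the
    # SHA-256 based cipher suites of TLS 1.2.
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master_secret: bytes,
                  client_random: bytes,
                  server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: 48-byte master secret.

    Both nonces are folded into the seed, so neither side alone controls
    the result even though only the client chose pre_master_secret.
    """
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("ClientHello.random and ServerHello.random are 32 bytes")
    return tls12_prf(pre_master_secret, b"master secret",
                     client_random + server_random, 48)


def demo_replay():
    """Same PreMaster Secret and ClientHello.random replayed against a
    server that draws fresh ServerHello.random: the two sessions get
    different master secrets. All values are constructed, not captured."""
    # RSA PreMaster Secret layout: 2-byte client version + 46 random bytes.
    pms = b"\x03\x03" + b"\x11" * 46
    client_random = bytes(range(32))          # reused by the replaying attacker
    server_random_1 = bytes(range(32, 64))    # honest server, first handshake
    server_random_2 = bytes(range(64, 96))    # honest server, replayed handshake

    ms1 = master_secret(pms, client_random, server_random_1)
    ms2 = master_secret(pms, client_random, server_random_2)
    return ms1, ms2


if __name__ == "__main__":
    first, replayed = demo_replay()
    print("master secret 1:", first.hex())
    print("master secret 2:", replayed.hex())
    print("distinct despite identical PreMaster Secret:", first != replayed)
```

The same structure carries into the DH case Eric mentions: the shared DH value takes the place of the PreMaster Secret, and the two randoms are still mixed in by the PRF, so uniqueness does not rest on the key-exchange mechanism alone.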

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]