Hi, I am a newbie to SSL as well as RSA security etc. However, I have read quite a few books and quite a bit on the net. But one thing flew over my head. Please see if anyone can help me understand the following.
Suppose the server and client used RSA-based private/public key pairs. I understood that these would be used to authenticate each other. Leaving DSA totally aside and considering RSA alone, I did not fully understand what DH params are being used for in such communication. There is some explanation about the need for DH params in terms of key exchange etc., but I did not follow it. I looked around quite a bit, but have not found a clear/direct answer. The article at http://support.microsoft.com/kb/257591 tries to explain somewhat, but it is at a very high level and does not even mention DH params by name at all. My vague understanding is that, though an RSA-based private/public key pair is useful for authentication, there still appears to be a need to generate some keys (symmetric ones?) for encryption on a session-by-session basis. It appears that either temporary RSA keys (not used, it seems, due to some security violations. OK, fine) or DH params can be used. This is the thing that went over my head. I did not understand - why is there a need for generating session to session keys