Hi All, Is there a best practice for Diffie-Hellman parameters (p, g, and q) used on a web server?
The server is using ephemeral keys, but should the parameters be rotated on a regular basis ? Is it OK for the server to keep them fixed for years (in the source code)? Or should they be generated uniquely for each site? This server does not appear to be under NIST and FIPS, so I don't believe they need to be fixed for compliance. Jeff _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography