On Jan 30, 2012, at 11:57 PM, Brian Dickson wrote: > On Mon, Jan 30, 2012 at 4:52 PM, Stephen Kent <[email protected]> wrote: >> At 2:57 PM -0500 1/30/12, Brian Dickson wrote: >>> >>> There are other kinds of encryption as well, which involve shared >>> keys, or in case of DH, random session keys with neither party >>> having/needing the other's key material. >> >> >> not true. DH key agreement requires that each party receive the public >> key of the other, in order to compute a shared secret. > > In DH, each side generates a random (per-session) private key, and > computes _a_ public key (which is exchanged), off of that private key > . > > Here's the thing - the "public key" in DH is not pre-published, nor is > it re-used. It is a one-use, fire-and-forget object, as are the > private key and shared key. > > This is different from a published (public) key material a la PKI. PKI > keys are longer-lived and multiple-use. > > In DH, neither party has the other's key _before_ they start their DH > exchange. That was my point.
<hat type="pedantic"/> I do not think that word (DH) means what you think it means Diffie-Hellman is an algorithm on groups that have hard discrete log problems. It has nothing to do with key management. <http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange> I think what you mean to say is DH with *ephemeral* keys. That is not a necessary property. You can have even DH keys in certificates. <http://tools.ietf.org/html/rfc2631> _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
