Session Key Negotiation

Will Morton macavity at well.com
Tue Nov 22 12:49:55 EST 2005


I am designing a transport-layer encryption protocol, and obviously wish
to use as much existing knowledge as possible, in particular TLS, which
AFAICT seems to be the state of the art.

In TLS/SSL, the client and the server negotiate a 'master secret' value
which is passed through a PRNG and used to create session keys.

My question is: why does this secret need to be negotiated?  Why can one
side or another (preference for client) not just pick a secret key and
use that?

I guess that one reason would be to give both sides some degree of
confidence over the security in the key.  Is this true, and if so is it
the only reason?

Many thanks, and apologies if this has been asked before...

Will

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


