Session Key Negotiation

Will Morton macavity at well.com
Wed Nov 30 11:35:19 EST 2005


Eric Rescorla wrote:
> 
> May I ask why you don't just use TLS?
> 

I would if I could, believe me. :o)

The negotiated key will be used for both reliable (TCP-like) and 
non-reliable (UDP-like) connections, all tunnelled over a single UDP 
port for NAT-busting purposes.  For the TCP-like component, I want to 
follow TLS as much as possible for obvious reasons.

> 
> Well, in TLS in RSA mode, the client picks the secret value (technical
> term: PreMaster Secret) but both sides contribute randomness to ensure
> that the Master Secret secret is unique. This is a clean way to
> ensure key uniqueness and prevent replay attack.
> 
> In DH mode, of course, both sides contribute shares, but that's
> just how DH works.
> 

That's what I figured.  Thanks Eric.

W

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list