Session Key Negotiation
Will Morton
macavity at well.com
Wed Nov 30 11:35:19 EST 2005
Eric Rescorla wrote:
>
> May I ask why you don't just use TLS?
>
I would if I could, believe me. :o)
The negotiated key will be used for both reliable (TCP-like) and
non-reliable (UDP-like) connections, all tunnelled over a single UDP
port for NAT-busting purposes. For the TCP-like component, I want to
follow TLS as much as possible for obvious reasons.
>
> Well, in TLS in RSA mode, the client picks the secret value (technical
> term: PreMaster Secret) but both sides contribute randomness to ensure
> that the Master Secret is unique. This is a clean way to
> ensure key uniqueness and prevent replay attacks.
>
> In DH mode, of course, both sides contribute shares, but that's
> just how DH works.
>
That's what I figured. Thanks Eric.
W
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
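
The point made in the thread, that both sides contribute randomness to the Master Secret even when the client alone picks the PreMaster Secret, shown as an added example that is not part of the original messages. It assumes the TLS 1.2 derivation from RFC 5246 (HMAC-SHA256 PRF), which postdates this thread; the function names and all values are constructed for illustration.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master, "master secret", client_random + server_random)[0..47]."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("ClientHello.random and ServerHello.random are 32 bytes each")
    seed = b"master secret" + client_random + server_random
    return p_sha256(pre_master, seed, 48)


def replay_demo():
    """Compare an honest handshake with a replay of the client's recorded messages.

    In RSA mode the client alone chooses the PreMaster Secret, so a replayed
    ClientHello and ClientKeyExchange carry the same client_random and the same
    pre_master. The server still draws a fresh random for every handshake, so
    the resulting Master Secret differs from the recorded session's.
    """
    # Constructed sample values: 2-byte version (TLS 1.2) + 46 random bytes.
    pre_master = b"\x03\x03" + os.urandom(46)
    client_random = os.urandom(32)

    original = master_secret(pre_master, client_random, os.urandom(32))
    replayed = master_secret(pre_master, client_random, os.urandom(32))
    return original, replayed


if __name__ == "__main__":
    original, replayed = replay_demo()
    print("original session:", original.hex())
    print("replayed session:", replayed.hex())
    print("keys match:", hmac.compare_digest(original, replayed))
```

Because the record-layer keys are expanded from the Master Secret, traffic recorded from the original session does not verify under the keys of the replayed handshake.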