help-gnutls

Re: [Help-gnutls] DHE_DSS


From: Adam Langley
Subject: Re: [Help-gnutls] DHE_DSS
Date: Sun, 31 Jul 2005 13:08:21 +0100

On 7/31/05, Michael Berhanu <address@hidden> wrote:
> Could someone give me an overview of how Diffie-Hellman ephemeral key
> exchange based on DSS works? I'm asking here not for a code overview,
> but rather a conceptual overview. I've tried to understand it by going
> through a number of RFCs but it hasn't worked for me.

You can find a description of the maths of DH all over the place[1] so
I won't go into that here.

DH allows two parties to agree on a shared key such that no
eavesdropper can learn the key (for some bound on computational
ability). This key is used for the current session only and is
discarded afterwards. This gives it 'perfect forward secrecy' - you
cannot be made to give up the session key at a later date. That's the
E in EDH (and DHE, which is the same thing).

However, an attacker who can manipulate the exchange between two hosts
can launch a man-in-the-middle attack against DH. So DSS is used to
sign the DH exchange so that you know that the host which you're
agreeing a key with is the one that you expect.

Once the key material has been exchanged, it's used to seed the
generation of the symmetric key (the generation may just be the
identity function).

[1] http://en.wikipedia.org/wiki/Diffie-Hellman
[2] http://en.wikipedia.org/wiki/Perfect_forward_secrecy

AGL

-- 
Adam Langley                                      address@hidden
http://www.imperialviolet.org                       (+44) (0)7906 332512
PGP: 9113   256A   CC0F   71A6   4C84   5087   CDA5   52DF   2CB6   3D60
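
The flow described in the message above, as an added example that is not part of the original post or of GnuTLS: an ephemeral DH exchange whose server value is DSA-signed, so a substituted DH value is rejected by the client. Assumptions: all function names are hypothetical, one constructed toy group (Q = 2^61-1, P the first k*Q+1 passing a Fermat check) is reused for both DH and DSA, the signed fields follow the TLS ServerKeyExchange layout (both randoms plus p, g, Ys), and SHA-256 stands in for both the signature hash and the key derivation.

```python
import hashlib, secrets

# Toy group constructed for this example; far too small for real use.
Q = 2**61 - 1
P = next(k * Q + 1 for k in range(2, 10**6, 2)
         if all(pow(a, k * Q, k * Q + 1) == 1 for a in (2, 3, 5, 7)))
G = next(g for g in (pow(h, (P - 1) // Q, P) for h in range(2, 100)) if g != 1)

def H(*parts):
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def dsa_keygen():
    x = secrets.randbelow(Q - 1) + 1    # long-term signing key
    return x, pow(G, x, P)              # (private, public)

def dsa_sign(x, *msg):
    while True:
        k = secrets.randbelow(Q - 1) + 1    # fresh per-signature nonce
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (H(*msg) + x * r) % Q
        if r and s:
            return r, s

def dsa_verify(y, sig, *msg):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, H(*msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def derive_key(shared):                 # shared DH value seeds the symmetric key
    return hashlib.sha256(str(shared).encode()).hexdigest()

def server_key_exchange(sign_key, client_random, server_random):
    b = secrets.randbelow(Q - 1) + 1    # ephemeral DH secret, dropped after the session
    Ys = pow(G, b, P)
    return b, Ys, dsa_sign(sign_key, client_random, server_random, P, G, Ys)

def client_finish(server_pub, client_random, server_random, Ys, sig):
    # Accept the DH value only if it is signed by the host we expect.
    if not dsa_verify(server_pub, sig, client_random, server_random, P, G, Ys):
        raise ValueError("DH parameters not signed by expected host")
    a = secrets.randbelow(Q - 1) + 1
    return pow(G, a, P), derive_key(pow(Ys, a, P))

def server_finish(b, Yc):
    return derive_key(pow(Yc, b, P))
```

Because the randoms are inside the signed data, a signature captured from one handshake does not verify in another.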



