Re: [Help-gnutls] DHE_DSS
From: Adam Langley
Subject: Re: [Help-gnutls] DHE_DSS
Date: Sun, 31 Jul 2005 13:08:21 +0100
On 7/31/05, Michael Berhanu <address@hidden> wrote:
> Could someone give me an overview of how Diffie-Hellman ephemeral key
> exchange based on DSS works? I'm asking here not for a code overview,
> but rather a conceptual overview. I've tried to understand it by going
> through a number of RFCs but it hasn't worked for me.
You can find a description of the maths of DH all over the place[1] so
I won't go into that here.
DH allows two parties to agree on a shared key such that no
eavesdropper can learn the key (for some bound on computational
ability). This key is used for the current session only and is
discarded afterwards. This gives it 'perfect forward secrecy' - you
cannot be made to give up the session key at a later date. That's the
E in EDH (and DHE, which is the same thing).
However, an attacker who can manipulate the exchange between two hosts
can launch a man-in-the-middle attack against DH. So DSS is used to
sign the DH exchange so that you know that the host which you're
agreeing a key with is the one that you expect.
Once the key material has been exchanged, it's used to seed the
generation of the symmetric key (the generation may just be the
identity function).
[1] http://en.wikipedia.org/wiki/Diffie-Hellman
[2] http://en.wikipedia.org/wiki/Perfect_forward_secrecy
AGL
--
Adam Langley address@hidden
http://www.imperialviolet.org (+44) (0)7906 332512
PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60
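
The exchange described in the message above, as an added Python example that is not part of the original post or of GnuTLS: the server signs its ephemeral DH value with a long-term DSS key, and the client rejects a value that was replaced in transit. Assumptions: the group is toy-sized and generated on the fly, one group serves both DH and DSS, SHA-256 is reduced mod Q rather than truncated, and names such as `gen_group` and `handshake` are hypothetical.

```python
import hashlib
import secrets

def is_prime(n, rounds=20):  # Miller-Rabin; callers pass only odd n > 3
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and all(pow(x, 2**i, n) != n - 1 for i in range(1, s)):
            return False
    return True

def gen_group(kbits=384):  # constructed toy-sized group (assumption), not a vetted one
    q = 2**127 - 1  # Mersenne prime used as the subgroup order
    while True:
        k = 2 * (secrets.randbits(kbits) | 1)
        p = k * q + 1
        if is_prime(p) and pow(2, k, p) != 1:
            return p, q, pow(2, k, p)  # g = 2^((p-1)/q) has order q

P, Q, G = gen_group()
def rand_exp():
    return secrets.randbelow(Q - 1) + 1  # uniform in [1, Q-1]

def h(n):  # SHA-256 of a group element (fixed-width big-endian), as an integer
    raw = n.to_bytes((P.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big")

def dss_sign(value, x):
    k = rand_exp()  # per-signature secret; must never repeat or leak
    r = pow(G, k, P) % Q
    return r, pow(k, -1, Q) * (h(value) + x * r) % Q  # real DSS retries if r or s is 0

def dss_verify(value, sig, y):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, h(value) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def handshake(mitm=False):
    x, b, a = rand_exp(), rand_exp(), rand_exp()  # server DSS key; ephemeral DH secrets
    y, B, A = pow(G, x, P), pow(G, b, P), pow(G, a, P)  # y reaches the client authentically
    sig = dss_sign(B, x)  # server signs its ephemeral DH value
    seen = pow(G, rand_exp(), P) if mitm else B  # what actually reaches the client
    if not dss_verify(seen, sig, y):
        return None  # client aborts: the signature does not cover this value
    return h(pow(seen, a, P)), h(pow(A, b, P))  # client's key, server's key
```

`handshake()` returns two equal keys that differ on every run because `a` and `b` are discarded after each session; `handshake(mitm=True)` returns `None`.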