Description

This article is from the Secure Sockets Layer Discussion List FAQ, by Shannon Appel SAppel@consensus.com with numerous contributions by others.

4.6) Why does SSL3 have Diffie-Hellman encryption at all? What good is it?...

...Exchanging random numbers that are encrypted with the server's (or
client's) public key would seem to be an adequate way of getting the
secret bits across. Why have DH as well?

Anonymous DH key exchange doesn't require the use of certificates.
Ephemeral DH allows you to use signing-only certificates, and it
protects the session from future compromise of the server's private
key. Another advantage of DH is that the patent expired in 1997.

Continue to:

prev: 4.5) It appears that there is no way in the SSL protocol to resynchronize blocks if they get out of synch. Is that true?
Index
next: 4.7) What is TLS? What happened at these meetings? Has anything come out of them yet?

Share and Enjoy

Bookmark this story so others can enjoy it:


	stason.org

	Articles
	Development
	Books
	Teaching
	Photography
	Bits and Pieces
	TULARC
	Contact Us
	Site Map


	Favorites

	Free Online Books
	Meta Religion
	Travel Blogs
	StasoSphere
	Healing Info
	Article Collection
	Practical mod_perl
	mod_perl2 Book
	MailChannels

		Articles / TULARC / Security / SSL Discussion List /







		4.6) Why does SSL3 have Diffie-Hellman encryption at all? What good is it?...


	Search

4.6) Why does SSL3 have Diffie-Hellman encryption at all? What good is it?...

Description

4.6) Why does SSL3 have Diffie-Hellman encryption at all? What good is it?...

Share and Enjoy

Tags