
4.6) Why does SSL3 have Diffie-Hellman encryption at all? What good is it?...





This article is from the Secure Sockets Layer Discussion List FAQ, by Shannon Appel SAppel@consensus.com with numerous contributions by others.


...Exchanging random numbers that are encrypted with the server's (or
client's) public key would seem to be an adequate way of getting the
secret bits across. Why have DH as well?

Anonymous DH key exchange doesn't require the use of certificates.
Ephemeral DH allows you to use signing-only certificates, and it
protects the session from future compromise of the server's private
key. Another advantage of DH is that the patent expired in 1997.
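
The following is an added illustration, not part of the FAQ: it contrasts key transport under the server's long-term RSA key with ephemeral DH, where that key only signs, and checks what a later leak of the private key recovers from a recorded exchange. The toy parameters and all function names are assumptions made for this sketch; it models the idea, not the SSL3 message formats.

```python
import hashlib
import secrets

# Constructed toy parameters (Mersenne primes), far too small for real use.
RSA_P, RSA_Q = 2**31 - 1, 2**61 - 1
N, E = RSA_P * RSA_Q, 65537
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))   # server's long-term private key
DH_P, DH_G = 2**89 - 1, 3                    # toy DH group

def digest(*values):
    """Hash public handshake values to an integer below N (toy signature input)."""
    data = b"|".join(str(v).encode() for v in values)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def rsa_key_transport():
    """Client encrypts a random secret to the server's long-term public key."""
    secret = secrets.randbelow(N - 2) + 2
    return secret, {"encrypted_secret": pow(secret, E, N)}

def ephemeral_dh():
    """Both sides use one-time DH keys; the long-term key is used only to sign."""
    x = secrets.randbelow(DH_P - 3) + 2      # server ephemeral, discarded after use
    y = secrets.randbelow(DH_P - 3) + 2      # client ephemeral, discarded after use
    gx, gy = pow(DH_G, x, DH_P), pow(DH_G, y, DH_P)
    signature = pow(digest(gx, gy), D, N)    # signing-only use of the private key
    shared = pow(gy, x, DH_P)                # server's view of the session secret
    assert shared == pow(gx, y, DH_P)        # client derives the same value
    return shared, {"gx": gx, "gy": gy, "signature": signature}

def signature_valid(wire):
    """Client-side check that the long-term key signed the exchanged DH values."""
    return pow(wire["signature"], E, N) == digest(wire["gx"], wire["gy"])

def recover_with_leaked_key(wire, leaked_d):
    """Apply a later-leaked private key to every value recorded on the wire."""
    return {pow(v % N, leaked_d, N) for v in wire.values()}

if __name__ == "__main__":
    for name, exchange in (("RSA key transport", rsa_key_transport),
                           ("ephemeral DH", ephemeral_dh)):
        secret, wire = exchange()
        exposed = secret in recover_with_leaked_key(wire, D)
        print(f"{name}: recorded session exposed by key leak = {exposed}")
```

In the DH case the recorded values are only the public halves and a signature, so the leaked key lets its holder sign new exchanges but gives no path to the discarded exponents.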

 
