[19052] in cryptography@c2.net mail archive


Re: Session Key Negotiation

daemon@ATHENA.MIT.EDU (Will Morton)
Fri Dec 2 12:33:32 2005

X-Original-To: cryptography@metzdowd.com
Date: Wed, 30 Nov 2005 16:35:19 +0000
From: Will Morton <macavity@well.com>
To: EKR <ekr@rtfm.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <86slte5deb.fsf@romeo.rtfm.com>

Eric Rescorla wrote:
> 
> May I ask why you don't just use TLS?
> 

I would if I could, believe me. :o)

The negotiated key will be used for both reliable (TCP-like) and 
non-reliable (UDP-like) connections, all tunnelled over a single UDP 
port for NAT-busting purposes.  For the TCP-like component, I want to 
follow TLS as much as possible for obvious reasons.

> 
> Well, in TLS in RSA mode, the client picks the secret value (technical
> term: PreMaster Secret) but both sides contribute randomness to ensure
> that the Master Secret secret is unique. This is a clean way to
> ensure key uniqueness and prevent replay attack.
> 
> In DH mode, of course, both sides contribute shares, but that's
> just how DH works.
> 

That's what I figured.  Thanks Eric.

W
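A worked illustration of the RSA-mode derivation Eric describes, added here as an example and not part of the original thread. It implements the TLS 1.2 PRF from RFC 5246 (P_SHA256), which postdates this 2005 exchange; TLS 1.0/1.1 built the PRF differently, but the master-secret inputs are the same: the client-chosen PreMaster Secret plus ClientHello.random and ServerHello.random. The point it demonstrates is the replay property: even if an attacker replays a captured ClientKeyExchange together with the original client random, the server's fresh random changes the master secret, so the replayed session never shares keys with the original. All sample values (the pre-master secret and the random fields) are constructed for the example; the function names are the example's own, not a real TLS library's API.

```python
import hashlib
import hmac

SHA256 = hashlib.sha256


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 data expansion (RFC 5246, section 5).

    P_hash(secret, seed) = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...
    where A(0) = seed and A(i) = HMAC(secret, A(i-1)). Output is truncated to `length`.
    """
    out = bytearray()
    a = seed  # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, SHA256).digest()            # A(i)
        out += hmac.new(secret, a + seed, SHA256).digest()  # HMAC(secret, A(i) + seed)
    return bytes(out[:length])


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed) for TLS 1.2."""
    return p_hash(secret, label + seed, length)


def master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret",
                           ClientHello.random + ServerHello.random)[0..47]

    Both hello randoms go into the seed, which is why a client-chosen
    pre-master secret alone does not determine the session keys.
    """
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("TLS hello random fields are 32 bytes")
    return tls12_prf(pre_master_secret, b"master secret", client_random + server_random, 48)


def replay_session(pre_master_secret: bytes, client_random: bytes,
                   server_random: bytes, replayed_server_random: bytes):
    """Model a replay: the attacker resends the captured pre-master secret and
    client random, but the server answers with a new random of its own.

    Returns (original_master, replayed_master, differ).
    """
    original = master_secret(pre_master_secret, client_random, server_random)
    replayed = master_secret(pre_master_secret, client_random, replayed_server_random)
    return original, replayed, original != replayed


# Constructed sample values (not real traffic). A TLS 1.2 RSA pre-master secret is
# 48 bytes: the client's offered version (0x03 0x03) followed by 46 random bytes.
SAMPLE_PRE_MASTER = b"\x03\x03" + b"\x11" * 46
SAMPLE_CLIENT_RANDOM = b"\xaa" * 32
SAMPLE_SERVER_RANDOM = b"\xbb" * 32
SAMPLE_REPLAYED_SERVER_RANDOM = b"\xcc" * 32  # what the server sends to the replayed hello


if __name__ == "__main__":
    orig, replayed, differ = replay_session(SAMPLE_PRE_MASTER, SAMPLE_CLIENT_RANDOM,
                                            SAMPLE_SERVER_RANDOM, SAMPLE_REPLAYED_SERVER_RANDOM)
    print("original master secret :", orig.hex())
    print("replayed master secret :", replayed.hex())
    print("replay got fresh keys  :", differ)
```

The same structure carries over to the DH case Eric mentions: there the pre-master secret itself already depends on both parties' shares, and the hello randoms are still mixed in, so key uniqueness comes from both layers rather than from the PRF seed alone.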

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
