Diffie-Hellman key exchange is a means of creating a session key in a manner that's not easily reversible by an eavesdropper, not a means of authentication. The public/private keypair is the only means of authenticating an anonymous third party as being that specific anonymous third party, and not some interloper. (See the Freenet project for an example of this.)
You could, theoretically, use it as a means of authentication IF and ONLY IF the public key stayed the same. Generally, though, it's a random large number. (This is why DH requires a certificate, where EDH doesn't -- EDH is random, where DH uses a public key that requires [in the context of SSL] an X.509 certification.) On 2/2/06, Alain Damiral <[EMAIL PROTECTED]> wrote: > Kyle Hamilton wrote: > > >Self-signed certificates are good for one thing, at least: They ensure > >that subsequent transactions are with the same entity (the same > >keypair is used), even if no other piece of data in the certificate is > >trustworthy. > > > Doesn't Diffie-Hellman key exchange ensure that this is true even with > no certificate authentication at all ? (Maybe not with a null cipher ?) > > -- > Alain Damiral > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
