Sorry, prematurely sent earlier. Sending it again ...
Hi,

I am a newbie to SSL as well as RSA security etc. However, I have read quite a few books and quite a bit on the net. But one thing flew over my head. Please see if anyone can help me understand the following.

Suppose the server and client used RSA-based private/public key pairs. I understood that these would be used to authenticate each other. Leaving DSA totally aside and considering RSA alone, I did not fully understand what DH params are being used for in such communication. There is some explanation about the need for DH params in terms of key exchange etc., but I did not follow what this key exchange does or means. I looked around quite a bit, but have not found a clear/direct answer. The article at http://support.microsoft.com/kb/257591 tries to explain somewhat, but it is at a very high level and does not even mention DH params by name at all.

My vague understanding is that, though an RSA-based private/public key pair is useful for authentication, there still appears to be a need to generate some keys (symmetric ones?) for encryption on a session-by-session basis. It appears that either temporary RSA keys (not used, it seems, due to some security violations. OK, fine) or DH params can be used. This is the thing that went over my head.

I did not understand: why is there a need for generating session-to-session keys? I guess the session needs to be encrypted. Why can't we use the key pair we already have? I guess to provide what I read as "forward secrecy". Fine. But how are DH params helping to create these session keys? Is this the pre-master, master key thing referred to in the http://support.microsoft.com/kb/257591 article?

Any explanation of how/what DH params are doing in an RSA-based private/public key SSL connection would be greatly appreciated.

regards
jackie

PS: BTW, I did not know how to look for responses. Is there a mail group I go to check emails, or do I get an email directly (hopefully :)
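
The roles asked about above, as an added example that is not part of the original post: a toy Python model in which the DH params plus fresh per-session secrets produce the session key, while the RSA key pair only signs the server's DH value. The primes, the unpadded textbook RSA and the SHA-256 key derivation are simplifying assumptions chosen so the block runs with the standard library; real SSL/TLS uses much larger parameters, padded signatures and its own key-derivation function.

```python
# Toy model of an ephemeral-DH handshake authenticated with RSA.
# All numbers are constructed and far too small for real use.
import hashlib
import secrets

# DH params: a public prime modulus and base shared by both sides (toy values).
DH_P = 2**127 - 1
DH_G = 3

# Server's long-term RSA key pair (textbook RSA, toy primes, no padding).
_RP, _RQ = 2**61 - 1, 2**89 - 1
RSA_N, RSA_E = _RP * _RQ, 65537
RSA_D = pow(RSA_E, -1, (_RP - 1) * (_RQ - 1))

def _digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % RSA_N

def rsa_sign(msg: bytes) -> int:
    return pow(_digest(msg), RSA_D, RSA_N)

def rsa_verify(msg: bytes, sig: int) -> bool:
    return pow(sig, RSA_E, RSA_N) == _digest(msg)

def dh_keypair():
    """Fresh secret exponent and public value, generated per session."""
    x = secrets.randbelow(DH_P - 3) + 2
    return x, pow(DH_G, x, DH_P)

def session_key(own_secret: int, peer_public: int, nonces: bytes) -> bytes:
    """Shared DH value (the pre-master secret) hashed into a session key.
    SHA-256 here is a stand-in for the pre-master -> master derivation."""
    pre_master = pow(peer_public, own_secret, DH_P)
    return hashlib.sha256(pre_master.to_bytes(16, "big") + nonces).digest()

def handshake():
    """One session; returns (client_key, server_key)."""
    nonces = secrets.token_bytes(32)           # client + server randoms
    s_secret, s_public = dh_keypair()          # server's ephemeral DH pair
    signed = nonces + s_public.to_bytes(16, "big")
    sig = rsa_sign(signed)                     # RSA only authenticates
    if not rsa_verify(signed, sig):            # client checks the server
        raise ValueError("server DH value not signed by its RSA key")
    c_secret, c_public = dh_keypair()          # client's ephemeral DH pair
    return (session_key(c_secret, s_public, nonces),
            session_key(s_secret, c_public, nonces))
```

Because the DH secrets are discarded after each handshake, a later disclosure of the RSA private key does not reveal the keys of past sessions.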