help me understand something, fellow Debian folk, please! Diffie-Hellman and its offspring Oakley allow two parties to agree on a session key without exchanging sensitive information. To do so, they use a private/public key pair and the wonders of the modulus operator.
Say two hosts establish a VPN with Oakley and IKE. Both hosts have X.509 certificates. Do they use these straight in the DH/Oakley calculation every time, or are they simply used to seed the temporary generation of a key pair that's then used for DH? I am asking because I was always under the impression of the former, but wondering how the two hosts agree on a different session key every time they rerun the process. or do they use the generated communication-partners key as a basis to create a temporary session key? thanks, -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck a good scapegoat is nearly as welcome as a solution to the problem.
msg03237/pgp00000.pgp
Description: PGP signature
