> DH is a key exchange algorithm. If you already have a secret key shared
> between the nodes, or possibly each other's public keys, then I can't see
> any reason in the world to do DH.

Actually there is good reason to do DH even if there are shared public keys. (If you have shared secrets it is probably reasonable to keep using them, up to a point. SSL includes the notion of caching ciphersuites so that if you are resuming an old connection you can ask the other side if they still have the old key material around and want to use it some more.)

With DH you get forward secrecy, meaning that afterwards even if your public keys are revealed, it is impossible to retroactively reconstruct the cipher key that the DH exchange produced. You then use your public keys to authenticate the DH exchange in order to prevent the man in the middle attack.

Hal

_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
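The exchange described in the reply above, as an added Go example that is not part of the original message or of Freenet's code: each side signs a fresh X25519 key with its long-term Ed25519 key, and the session key is derived from the ephemeral keys alone. The choice of X25519, Ed25519 and SHA-256 and the names `Offer`, `MakeOffer` and `Finish` are assumptions made for illustration; a deployed protocol would sign the whole handshake transcript rather than only its own ephemeral key.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Offer struct{ EphPub, Sig []byte }

// MakeOffer generates a per-session X25519 key and signs its public half
// with the sender's long-term key (hypothetical helper for this example).
func MakeOffer(id ed25519.PrivateKey) (*ecdh.PrivateKey, Offer) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pk := eph.PublicKey().Bytes()
	return eph, Offer{pk, ed25519.Sign(id, pk)}
}

// Finish verifies the offer's signature, then derives the key from ephemeral keys only.
func Finish(eph *ecdh.PrivateKey, peerID ed25519.PublicKey, o Offer) ([]byte, error) {
	if !ed25519.Verify(peerID, o.EphPub, o.Sig) {
		return nil, fmt.Errorf("offer not signed by expected peer")
	}
	peerPub, err := ecdh.X25519().NewPublicKey(o.EphPub)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	return key[:], nil
}

func main() {
	aPub, aID, _ := ed25519.GenerateKey(rand.Reader) // constructed identities
	bPub, bID, _ := ed25519.GenerateKey(rand.Reader)
	ea, oa := MakeOffer(aID)
	eb, ob := MakeOffer(bID)
	ka, _ := Finish(ea, bPub, ob)
	kb, _ := Finish(eb, aPub, oa)
	_, err := Finish(eb, aPub, ob) // offer signed by the wrong long-term key
	fmt.Println("keys match:", string(ka) == string(kb), "| substituted offer:", err)
}
```

Because the long-term keys only sign and never enter the key derivation, discarding the ephemeral private keys after the handshake leaves nothing from which the session key can later be recomputed.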
