They both calculate the session-key, but the client must send it to the
server, so the server can verify this with his session-key. Remember that
those session-keys are supposed to be unique, so there is no problem when
they are transmitted.
This doesn't solve your CheckPoint problem, but maybe it helps a bit to
understand the key exchange!
Erwin
> CheckPoint's documentation also says that the SR client 'exchanges a
> session key with the SecuRemote server and loads it into the
> SecuRemote server' (VPN-1 manual, p. 104). Perhaps I have misunderstood
> something, but isn't it the point of the whole DH scheme to avoid
> exchanging keys? Each end of the connection, using its own private key
> and the public key of its correspondent, can generate the session key
> on its own. If that's right, then why would the server and client
> 'exchange' the key?