> They both calculate the session-key,
How can they both calculate the session key? The server doesn't
have a known-authentic public key for the client.
> but the client must send it to the server, so the server can verify
> this with his session-key.
Diffie-Hellman involves no exchange of keys. That's the whole point.
> Remember that those session-keys are supposed to be unique, so there
> is no problem when they are transmitted.
I don't understand. How does the fact that the session keys are
unique have anything to do with a 'problem when they are transmitted'?
Steve
> > CheckPoint's documentation also says that the SR client 'exchanges a
> > session key with the SecuRemote server and loads it into the
> > SecuRemote server' (VPN-1 manual, p. 104). Perhaps I have
> > misunderstood something, but isn't it the point of the whole DH
> > scheme to avoid exchanging keys? Each end of the connection, using
> > its own private key and the public key of its correspondent, can
> > generate the session key on its own. If that's right, then why would
> > the server and client 'exchange' the key?
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
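An added example, not part of the original thread or of any CheckPoint code: a Diffie-Hellman agreement in which both ends derive the same session key, the client proves possession of it with an HMAC tag instead of transmitting it, and the server accepts only a client public value whose fingerprint it already holds. The toy group (P, G), the out-of-band fingerprint enrollment, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Constructed toy parameters: 2**255 - 19 is prime, but (P, G) is not a
# standardized DH group. Real deployments use a vetted group.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent, never sent
    return priv, pow(G, priv, P)                 # public value, sent in clear

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()

def session_key(own_priv, peer_pub):
    if not 1 < peer_pub < P - 1:                 # reject degenerate values
        raise ValueError("bad public value")
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def confirm_tag(key, transcript):
    # Proves possession of the key; the key itself is not transmitted.
    return hmac.new(key, b"client-confirm" + transcript, hashlib.sha256).digest()

def server_accepts(server_priv, server_pub, received_pub, pinned_fp, tag):
    # The server needs a known-authentic client public key (assumed pinned).
    if not hmac.compare_digest(fingerprint(received_pub), pinned_fp):
        return False
    key = session_key(server_priv, received_pub)
    transcript = received_pub.to_bytes(32, "big") + server_pub.to_bytes(32, "big")
    return hmac.compare_digest(tag, confirm_tag(key, transcript))

def demo():
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    pinned = fingerprint(c_pub)                  # assumed enrolled out of band
    c_key = session_key(c_priv, s_pub)
    same = c_key == session_key(s_priv, c_pub)   # both ends derive the same key
    transcript = c_pub.to_bytes(32, "big") + s_pub.to_bytes(32, "big")
    tag = confirm_tag(c_key, transcript)
    ok = server_accepts(s_priv, s_pub, c_pub, pinned, tag)
    _, other_pub = keypair()                     # a value the server never enrolled
    rejected = not server_accepts(s_priv, s_pub, other_pub, pinned, tag)
    return same, ok, rejected

if __name__ == "__main__":
    print(demo())
```

Only the two public values and the confirmation tag cross the wire; the session key is computed independently at each end.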