Julian wrote:
> My fear is that getting hold of P will allow someone else to use it to
> start a protocol disassembly. For instance, anyone could create a
> DHE-RSA-AES256-SHA TLS server and use P to listen for connections; of
> course it would have to have a cert signed by a CA to proceed even if they
> have P.
>
> The protocol here is TLS where each client is a server, so shouldn't
> each client/server have their own DH P?


No. All participants share a prime generator and a modulus. A DH
secret key is therefore essentially merely a random string of bits
of a certain length. The corresponding public key is p^privkey mod m.

Trust requires you have some mechanism to know that a given set of
bits is the pubkey belonging to the other party.

The benefit of DH is that once you and your correspondent have each
other's public keys, you can begin encrypted communication without
a handshake. There is an implicit pairwise shared secret which you
can use to generate session keys via some established mechanism (see
SKIP as an example).

- M
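The points M makes above (one shared modulus and generator, a per-party random private key, and a pairwise secret that both sides derive into a session key) as an added worked example; this is not code from the thread or from OpenSSL. The parameters are constructed toy values (p = 1019, g = 4) chosen so it runs instantly; a real deployment uses a standardized large group, and the function names are my own.

```python
"""Toy Diffie-Hellman: one shared (p, g) for everyone, a private key per party."""
import hashlib
import hmac
import secrets

# Constructed toy parameters (NOT a real group): p = 1019 is a safe prime
# (p - 1 = 2 * 509) and g = 4 generates the subgroup of prime order q = 509.
P = 1019
Q = (P - 1) // 2
G = 4


def gen_private_key():
    """Private key: a random integer in [1, q-1]. Each party picks its own."""
    return 1 + secrets.randbelow(Q - 1)


def public_key(priv):
    """Public key: g^priv mod p, the value you publish or send in the handshake."""
    return pow(G, priv, P)


def validate_public_key(pub):
    """Reject values outside (1, p-1) and values not in the order-q subgroup.

    Publishing p and g costs nothing, but accepting an arbitrary peer value
    without this check lets a sender force the shared secret into a tiny set.
    """
    if not 1 < pub < P - 1:
        return False
    return pow(pub, Q, P) == 1


def shared_secret(my_priv, peer_pub):
    """Both sides compute the same value: peer_pub^my_priv mod p."""
    if not validate_public_key(peer_pub):
        raise ValueError("invalid peer public key")
    return pow(peer_pub, my_priv, P)


def session_key(secret, label=b"toy-dh-session"):
    """Derive a session key from the raw secret with an HMAC-based KDF step."""
    ikm = secret.to_bytes((P.bit_length() + 7) // 8, "big")
    prk = hmac.new(b"constructed-salt", ikm, hashlib.sha256).digest()
    return hmac.new(prk, label + b"\x01", hashlib.sha256).digest()


def run_exchange(priv_a=None, priv_b=None):
    """Full pairwise exchange; returns (key_a, key_b), which must agree."""
    priv_a = priv_a if priv_a is not None else gen_private_key()
    priv_b = priv_b if priv_b is not None else gen_private_key()
    pub_a, pub_b = public_key(priv_a), public_key(priv_b)
    # An observer who knows p, g, pub_a and pub_b still lacks either private key.
    key_a = session_key(shared_secret(priv_a, pub_b))
    key_b = session_key(shared_secret(priv_b, pub_a))
    return key_a, key_b


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("session keys agree:", ka == kb)
```

Note that knowing the shared p and g gives a third party nothing beyond what every legitimate participant already has; what must be protected is each party's private exponent, and what must be authenticated (the certificate in Julian's TLS case) is the binding between a public value and its owner.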



______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org