Eric Hughes sez:
> Since active interception is not nearly so easy as passive listening,

This isn't true of anything but the aether itself or a point to point wire with integrity. In any switched or networked system with routing, active interception is trivial. That is why D-H has a lower level of applicability than generally considered.

> it would be appropriate to use a Diffie-Hellman key exchange in this situation. This protocol has no persistent private keys, so the issue of keeping a private key around securely is not an issue.
Yes, the one-time key usage is an important factor in the D-H. Nothing can be determined from one session that will help in breaking another.

Peace,

Bob
-- 
Bob Cain   rcain@netcom.com   408-354-8021
"I used to be different. But now I'm the same."
--------------PGP 1.0 or 2.0 public key available on request.------------------
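The two situations argued over above, as an added example that is not part of the original thread or anyone's posted code: an unauthenticated ephemeral Diffie-Hellman exchange run once with a passive listener (Eve) who only records the two public values, and once with an active interceptor (Mallory) who substitutes her own values in each direction. Both endpoints end up sharing a key with Mallory rather than with each other, which is the "active interception is trivial" point; fresh exponents per session give the independence Bob describes. The group is an assumption on my part (RFC 3526 group 14, the 2048-bit MODP safe prime with generator 2); the parameter and public-value checks are the validation a practitioner would want before trusting any received value.

```python
"""Ephemeral Diffie-Hellman against a passive listener and an active interceptor.

Added example; not code from the original thread. Assumes RFC 3526 group 14
(2048-bit MODP safe prime, generator 2) and uses full-size exponents rather
than the shorter exponents a production implementation would pick for speed.
"""
import hashlib
import secrets

# RFC 3526, section 3: 2048-bit MODP group. p is a safe prime, p = 2q + 1.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
Q = (P - 1) // 2  # prime order of the subgroup generated by G


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin with random bases; enough to sanity-check a published group."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_group(p: int = P, g: int = G) -> bool:
    """Check that p is a safe prime and that g generates the order-q subgroup."""
    q = (p - 1) // 2
    return (is_probable_prime(p) and is_probable_prime(q)
            and 2 <= g <= p - 2 and pow(g, q, p) == 1)


def validate_public_value(y: int, p: int = P) -> bool:
    """Reject degenerate values (0, 1, p-1) and anything outside the q-subgroup."""
    return 2 <= y <= p - 2 and pow(y, (p - 1) // 2, p) == 1


class Party:
    """One endpoint. A fresh private exponent per instance: nothing persists."""

    def __init__(self, name: str):
        self.name = name
        self.x = secrets.randbelow(Q - 2) + 2  # private exponent in 2..q-1
        self.y = pow(G, self.x, P)             # public value sent on the wire

    def shared_key(self, peer_y: int) -> bytes:
        if not validate_public_value(peer_y):
            raise ValueError(f"{self.name}: invalid public value from peer")
        secret = pow(peer_y, self.x, P)
        return hashlib.sha256(secret.to_bytes(256, "big")).digest()


def passive_session() -> dict:
    """Eve records both messages; without a private exponent they are useless to her."""
    alice, bob = Party("alice"), Party("bob")
    wire = [("alice->bob", alice.y), ("bob->alice", bob.y)]  # everything Eve sees
    return {
        "alice_key": alice.shared_key(bob.y),
        "bob_key": bob.shared_key(alice.y),
        "eve_sees": wire,
    }


def active_session() -> dict:
    """Mallory sits on the routed path and replaces each public value with her own."""
    alice, bob = Party("alice"), Party("bob")
    m_to_bob, m_to_alice = Party("mallory->bob"), Party("mallory->alice")
    bob_key = bob.shared_key(m_to_bob.y)       # bob gets mallory's value, not alice's
    alice_key = alice.shared_key(m_to_alice.y) # alice gets mallory's value, not bob's
    return {
        "alice_key": alice_key,
        "bob_key": bob_key,
        "mallory_key_with_alice": m_to_alice.shared_key(alice.y),
        "mallory_key_with_bob": m_to_bob.shared_key(bob.y),
    }


if __name__ == "__main__":
    print("group valid:", validate_group())
    s = passive_session()
    print("passive: keys agree:", s["alice_key"] == s["bob_key"])
    a = active_session()
    print("active: alice<->mallory:", a["alice_key"] == a["mallory_key_with_alice"],
          "bob<->mallory:", a["bob_key"] == a["mallory_key_with_bob"],
          "alice<->bob:", a["alice_key"] == a["bob_key"])
```

Nothing in the active run is computationally harder than the passive one: Mallory does two ordinary exchanges, which is why the protocol's strength against eavesdropping says nothing about its strength on a routed network. Binding the public values to something the peer can check (a signature, a fingerprint compared out of band) is what closes the gap, and that is exactly the persistent key the exchange was meant to avoid.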