17 Dec 2003, 11:17 p.m.
Right - using DH exchange is probably appropriate in situations where there are no pre-established credentials for the party on the other machine.
D-H also provides perfect forward secrecy, which is a reason to use it even if there is already an established set of credentials.
How about public-key signing the D-H exchange? Public key to eliminate[*] the man-in-the-middle attack, and D-H for forward secrecy.

[*] Almost eliminate. A sufficiently powerful man in the middle could conceivably subvert the public keys.

--apb (Alan Barrett)
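The signed D-H exchange proposed above, as an added example that is not part of the original thread: each side signs both ephemeral D-H values with a long-term key, and the peer verifies that signature before deriving the shared secret. The choice of Ed25519 and X25519 and the names `Party`, `Sign` and `Finish` are assumptions made for illustration, and each side is assumed to already hold the other's genuine long-term public key, which is exactly the footnote's caveat.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Party pairs a long-term Ed25519 identity with a per-session X25519 key (hypothetical type).
type Party struct {
	ID  ed25519.PublicKey
	id  ed25519.PrivateKey
	eph *ecdh.PrivateKey
}

func NewParty() *Party {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // demo only: rand errors ignored
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader)
	return &Party{pub, priv, eph}
}

func (p *Party) Pub() []byte { return p.eph.PublicKey().Bytes() }

// Sign covers both D-H values, binding the signature to this session.
func (p *Party) Sign(peerPub []byte) []byte {
	return ed25519.Sign(p.id, bytes.Join([][]byte{p.Pub(), peerPub}, nil))
}

// Finish verifies the peer's signature first, then derives the shared secret.
func (p *Party) Finish(peerPub, sig []byte, peerID ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(peerID, bytes.Join([][]byte{peerPub, p.Pub()}, nil), sig) {
		return nil, fmt.Errorf("bad signature on D-H value: possible man in the middle")
	}
	pk, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	return p.eph.ECDH(pk)
}

func main() {
	alice, bob := NewParty(), NewParty()
	ka, _ := alice.Finish(bob.Pub(), bob.Sign(alice.Pub()), bob.ID)
	kb, _ := bob.Finish(alice.Pub(), alice.Sign(bob.Pub()), alice.ID)
	fmt.Println("honest run, keys match:", bytes.Equal(ka, kb))
	_, err := alice.Finish(NewParty().Pub(), bob.Sign(alice.Pub()), bob.ID) // value swapped in transit
	fmt.Println("swapped D-H value:", err)
}
```

The ephemeral X25519 keys are discarded after the session, which is where the forward secrecy comes from; the long-term keys only authenticate.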