[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DH vs. RSA use for symmetric key exchange

"Khaja E. Ahmed" wrote:
> Would anyone have some pointers on what percentage of the installed base of
> IPSEC capable routers _use_ RSA vs. DH for exchanging symmetric keys?

The question is mis-phrased.

IPSEC uses Diffie-Hellman key negotiation for all symmetric keys that are
automatically created. The only case where DH is not used is manual mode,
where keys are set by the administrators rather than negotiated.

The DH exchange must be authenticated and there are several mechanisims
for that authentication, including shared secrets, RSA signatures and various
forms of certificate. 

> A sub
> goal of this question is to figure out what percentage of such devices use
> certificates.
> I would be grateful for any guesses, estimates or pointers to more info.

IPSEC background info, lots of links:

Follow-Ups: References: