Re: DH vs. RSA use for symmetric key exchange

Thanks again Sandy for the very useful pointers.

I do wonder though...

In a situation where one or both parties to a key exchange session have an
RSA public key certificate, what is the advantage of using DH to exchange
keys and then using RSA to authenticate the party?  Why not do what happens
in SSL / TLS: use the RSA public key to exchange the symmetric key?  Is one
approach computationally more efficient than the other?  Clearly IKE does not
support use of RSA to do key exchange today.  Is there a reason why this was
not implemented / supported in IKE?  Is this a useful thing to explore?
Would there be any advantage to allowing / supporting both methods of
exchanging keys?
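As an added illustration, not part of the original message or of any IKE or TLS implementation, here are the two approaches the question contrasts in toy Python: (A) an ephemeral Diffie-Hellman exchange in IKE's Oakley group 2 (RFC 2409) authenticated by RSA signatures over the exchanged values, and (B) RSA key transport in the style of the TLS RSA cipher suites. Everything is textbook: raw RSA on a SHA-256 digest for signatures (no PKCS#1 padding), a v1.5-shaped but unhardened padding for encryption, a signed transcript reduced to the two public values, and a 1024-bit group that is far too small for new deployments. All function and variable names are mine; the one constant is the group 2 prime transcribed from the RFC.

```python
"""Added toy comparison of the two key-agreement styles asked about above:
(A) IKE style: ephemeral Diffie-Hellman for the key, RSA signatures for authentication.
(B) TLS-RSA style: the initiator encrypts a fresh key to the responder's RSA key.
Textbook RSA, ad hoc padding, simplified transcript: illustration only, not for production."""
import hashlib
import secrets

# RFC 2409 Oakley group 2 (1024-bit MODP), g = 2, transcribed from the RFC.  A
# 1024-bit group is too weak for new use; it is kept only to keep this short.
P = int("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".replace(" ", "").replace("\n", ""), 16)
G = 2
MODEXPS = {"all": 0, "long": 0}  # cost counters: every modexp / those with long exponents

def modexp(base, exp, mod):
    MODEXPS["all"] += 1
    MODEXPS["long"] += exp.bit_length() > 64  # DH secrets and RSA private exponents
    return pow(base, exp, mod)

def is_probable_prime(n, rounds=20):
    """Miller-Rabin; sufficient for toy key generation."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c

def rsa_keygen(bits=1024):
    """Returns ((n, e), (n, d)).  e is prime, so e not dividing phi means gcd(e, phi) = 1."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        if p != q and (p - 1) * (q - 1) % e:
            return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def rsa_sign(priv, data):  # raw RSA over SHA-256; real code uses PKCS#1 v1.5 or PSS
    return modexp(int.from_bytes(hashlib.sha256(data).digest(), "big"), priv[1], priv[0])

def rsa_verify(pub, data, sig):
    return modexp(sig, pub[1], pub[0]) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def rsa_encrypt(pub, msg):  # PKCS#1 v1.5-shaped padding, toy; real code uses OAEP
    n, e = pub
    k = (n.bit_length() + 7) // 8
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(k - 3 - len(msg)))
    return modexp(int.from_bytes(b"\x00\x02" + ps + b"\x00" + msg, "big"), e, n)

def rsa_decrypt(priv, ct):
    n, d = priv
    em = modexp(ct, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    if em[:2] != b"\x00\x02":
        raise ValueError("bad padding")
    return em[em.index(b"\x00", 2) + 1:]

def ike_style(init_pub, init_priv, resp_pub, resp_priv):
    """(A) Each side sends g^x or g^y plus an RSA signature over both values (a
    stand-in for IKE's HASH_I/HASH_R).  Returns the key each side derives."""
    x, y = secrets.randbelow(P - 3) + 2, secrets.randbelow(P - 3) + 2
    gx, gy = modexp(G, x, P), modexp(G, y, P)
    tr = gx.to_bytes(128, "big") + gy.to_bytes(128, "big")
    sig_i, sig_r = rsa_sign(init_priv, b"I" + tr), rsa_sign(resp_priv, b"R" + tr)
    # Each side rejects out-of-range peer values and bad signatures before using the secret.
    for val, pub, tag, sig in ((gy, resp_pub, b"R", sig_r), (gx, init_pub, b"I", sig_i)):
        if not 1 < val < P - 1 or not rsa_verify(pub, tag + tr, sig):
            raise ValueError("authentication failed")
    k_i = hashlib.sha256(modexp(gy, x, P).to_bytes(128, "big")).digest()
    k_r = hashlib.sha256(modexp(gx, y, P).to_bytes(128, "big")).digest()
    return k_i, k_r

def tls_rsa_style(resp_pub, resp_priv):
    """(B) Initiator picks the key and encrypts it to the responder's certified key; only
    the responder is authenticated, implicitly, by decrypting.  Returns (k_i, k_r, wire ct)."""
    k_i = secrets.token_bytes(32)
    ct = rsa_encrypt(resp_pub, k_i)
    return k_i, rsa_decrypt(resp_priv, ct), ct

def cost(fn, *args):  # modular exponentiations one run of fn performs, both sides together
    MODEXPS.update(all=0, long=0)
    fn(*args)
    return dict(MODEXPS)
```

Generating two key pairs and calling cost(ike_style, ...) and cost(tls_rsa_style, ...) gives {'all': 8, 'long': 6} against {'all': 2, 'long': 1}: the DH-plus-signature exchange costs the pair of peers six long-exponent exponentiations where RSA key transport costs one, so on raw arithmetic the TLS-style exchange is the cheaper of the two. What it gives up is visible in the ciphertext tls_rsa_style returns: it decrypts under the responder's long-term private key for as long as that key exists, so a recorded session is exposed by a later key compromise, while the DH transcript carries only g^x, g^y and the signatures and the exponents x and y are discarded. Key transport also authenticates only the key holder, and only implicitly; the initiator stays unauthenticated unless it separately signs.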


