DTLS and Ephemeral Diffie-Hellman

Asked Mar 21 '16 at 13:50

Active Mar 21 '16 at 14:02

Viewed 135 times

In the DTLS handshake, the two parties involved in the communication must authenticate each other by means of certificates, and after that they perform an ephemeral Diffie-Hellman key exchange, with the public Diffie-Hellman keys signed with the keys of the certificates.

Why EDH is needed in this context? If each party knows the other party's public key, why can't one party chose a random key and send it to the other one? What kind of security adds EDH in this context?

edited Mar 21 '16 at 14:02

asked Mar 21 '16 at 13:50

ssnape

Google 'perfect forward secrecy' if you need follow-up from the above. – Neil Smithline Mar 21 '16 at 14:04
Ok, so the only difference is that with EDH you get forward secrecy, that's right? – ssnape Mar 21 '16 at 14:15
PFS is the security enhancement that EDH provides over DH. – Neil Smithline Mar 21 '16 at 14:20

DTLS and Ephemeral Diffie-Hellman

0 Answers0