Closed
Conversation
I've updated the last part of DH to be more aligned with current practice. Static/fixed DH is actively discouraged in practice, so might as well not discuss it. Simpler solution to fix MitM for DH is to just add signatures. Corrected the explanation of "ephemeral" and (P)FS, since this does not rely on fixed DH parameters. Briefly mentioned Elliptic Curve in the context of DH, since ECDHE is the most widely used variant in practice.
Contributor
Author
|
One other improvement that I considered is to add the "paint" diagram as shown in https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange That may help readers see more easily that the secret values are not transmitted. |
Contributor
|
We appreciate the input and while we agree that there is room to improve the text, leaving out the details of fixed DH leaves the reader with less understanding of why ephemeral DH is needed (and why it is called "ephemeral"). We're going to close this PR but take your input to say more about current practice. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I've updated the last part of DH to be more aligned with current practice.
Static/fixed DH is actively discouraged in practice, so might as well not discuss it.
Simpler solution to fix MitM for DH is to just add signatures.
Corrected the explanation of "ephemeral" and (P)FS, since this does not rely on fixed DH parameters.
Briefly mentioned Elliptic Curve in the context of DH, since ECDHE is the most widely used variant in practice.