superscripts for exponents; added tags
forest

I have been reading Bulletproof SSL and TLS

Diffie-Hellman is a key exchange mechanism in which the server and the client each share a secret, i.e. g^x and g^y respectively, with each other, where g is a generator of some group. They calculate the secret S = (g^y)^x and (g^x)^y respectively. Note that an attacker in the middle cannot get the value of S from g^x and g^y, since the discrete logarithm is a hard problem. But an active attacker can masquerade and fool both server and client.

DHKE

Now in RSA_DH, the value which the server sends to the client, i.e. g^x, is fixed and stored in the certificate. So, the "ServerKeyExchange" message is not sent. Now, the client sends its g^y value in the "ClientKeyExchange" message, and this is encrypted with the RSA public key cryptography algorithm whose certificate the server has already sent in the "Certificate" message.

In RSA_DHE, the "ServerKeyExchange" message takes place, where the server sends g^x to the client.

TLS Handshake

Now my question is: what is the difference between the two? Since the premaster secret is calculated from the value (g^x)^y, therefore, even in RSA_DH, if the client sends different g^y values in each session, then the (g^x)^y value will be different. (I think even if he doesn't, my argument still holds.) Therefore it will achieve forward secrecy as in RSA_DHE. And the poor attacker won't be able to get the premaster secret even after getting the value of g^y by compromising the server private key. So, in both cases he won't be able to calculate the premaster secret. So why is the ephemeral one (RSA_DHE) said to achieve forward secrecy and the other one not?
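Added example (not part of the original question or of the book it cites): a toy finite-field Diffie-Hellman run that contrasts a fixed server exponent x with a per-session one, and computes what recorded g^x, g^y values plus a later leak of the server's long-term private key yield. The group parameters `P` and `G`, all function names, and modelling the DHE long-term key as an authentication-only keypair with signing omitted are assumptions made for illustration.

```python
import secrets

# Toy parameters (assumption, NOT secure): a 127-bit Mersenne prime and base 3.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent, public value g^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def run_sessions(n, ephemeral):
    """Simulate n handshakes.

    Returns (long_term_private, transcripts, shared), where transcripts holds
    the public (g^x, g^y) pairs a passive observer could record and shared
    holds the value S each session actually derived.
    """
    long_term_priv, long_term_pub = keypair()
    transcripts, shared = [], []
    for _ in range(n):
        if ephemeral:
            # DHE: fresh server exponent, forgotten when the session ends.
            # The long-term key would only sign g^x (signing omitted here).
            x, gx = keypair()
        else:
            # Fixed DH: the long-term key itself is the exponent x.
            x, gx = long_term_priv, long_term_pub
        y, gy = keypair()              # client picks a fresh y every session
        s_server = pow(gy, x, P)       # (g^y)^x
        s_client = pow(gx, y, P)       # (g^x)^y
        assert s_server == s_client
        transcripts.append((gx, gy))
        shared.append(s_server)
    return long_term_priv, transcripts, shared


def recover_with_leaked_key(leaked_priv, transcripts):
    """Recompute (g^y)^leaked for every recorded session."""
    return [pow(gy, leaked_priv, P) for _gx, gy in transcripts]


if __name__ == "__main__":
    for mode in (False, True):
        key, recorded, real = run_sessions(5, ephemeral=mode)
        hits = sum(a == b for a, b in
                   zip(recover_with_leaked_key(key, recorded), real))
        print("ephemeral" if mode else "fixed", "sessions recovered:", hits)
```

With a fixed x every session secret differs because y differs, yet all of them are recomputed from the one leaked exponent; with a per-session x the leaked long-term key matches none of them.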


Tweeted twitter.com/StackSecurity/status/719619375096008704
added 133 characters in body
prakharjain

added 309 characters in body; added 19 characters in body
prakharjain

Now my question is what is the difference between the two, since the premaster secret is calculated from the value (g^x)^y. Therefore, even in RSA_DH, if the client sends different y values in each session, then the (g^x)^y value will be different. Therefore it will achieve forward secrecy, as is the case in RSA_DHE.


I was able to answer first part of my question, so I have reframed it.
prakharjain
prakharjain