Timeline for How does non-ephemeral Diffie-Hellman key exchange become compromised in SSL when the RSA private key is leaked?

Current License: CC BY-SA 3.0

9 events

when toggle format	what		by	license	comment
Oct 7, 2021 at 8:14	history	edited	CommunityBot		replaced https://tools.ietf.org/html/rfc with https://www.rfc-editor.org/rfc/rfc
Oct 7, 2021 at 6:58	history	edited	CommunityBot		replaced http://tools.ietf.org/html/rfc with https://www.rfc-editor.org/rfc/rfc
Jul 21, 2018 at 14:37	comment	added	dave_thompson_085		@AnonymousPlatypus: no, the bear was right (as usual). ServerKX contains the ephemeral DH key for (very common) ephemeral DHE_$auth (note the E) or 'anonymous' (DH_anon) keyexchange, but is not used at all for (very rare) 'static' DH_$obsauth (no E) which has the static/fixed key in the cert. See rfc5246 et pred 7.4.3 and 7.4.2. And similarly for ECDHE and ECDH_anon versus ECDH, see rfc4492.
Jul 16, 2018 at 11:57	comment	added	Anonymous Platypus		@TomLeek One correction maybe, I read the server certificate will not contain the DH public key. It is shared in a different Server Key Exchange message. Could you please confirm this?
Nov 7, 2017 at 22:36	comment	added	dave_thompson_085		SSLv3 TLSv1.0 and 1.1 define DH_{RSA,DSS} as cert contains DH key and is signed (by CA) using RSA or DSA respectively, but TLSv1.2 drops the ciphersuite-based restriction on cert signature and adds an extension (SigAlgs) which restricts all signatures; see 5246 7.4.2 just after the itemized list. And similarly for fixed-ECDH.
Nov 7, 2017 at 21:50	history	edited	StackzOfZtuff	CC BY-SA 3.0	+link to definition of DH_RSA and DH_DSS
Jun 28, 2013 at 16:30	vote	accept	Polynomial
Jun 28, 2013 at 16:30	comment	added	Polynomial		That makes SO MUCH more sense now. I had never considered the idea that the DH key pairs could be generated and thrown away per session. Thanks! :)
Jun 28, 2013 at 16:28	history	answered	Tom Leek	CC BY-SA 3.0