4.2. dh
The dh directive in an initialization request
and an initialization response provides the sending peer's
ephemeral Diffie-Hellman public key.
This directive is calculated as follows:
dh = g ^ dh-private MOD p
where the following apply:
g is the generator of the Diffie-Hellman group. The latter is chosen by the requester and
identified by the group directive in the initialization request.p is the prime modulus of the Diffie-Hellman group.private-dh is a random integer in the range: 2...q-2 where q is the
subgroup order of the Diffie-Hellman group. Note that q =
(p-1)/2 for all the MUST IMPLEMENT groups.
The value of private-dh is chosen by the sending peer from a source of cryptographic-quality
randomness, and is treated as strictly private. It SHOULD be generated anew for each new initialization, in which
case it SHOULD be discarded immediately after the computation of the shared
secret. However if computational resources are limited it MAY be reused across multiple initializations, but this
will affect the effective extent of the protocol's claim to forward secrecy.
|