<div>
<div class="content wysiwyg-content">
This applies to TLS as well ass IPSec.<br />
<br />
The purpose of the Diffie Hellman key exchange is to agree on a shared secret without sending it on the wire. I have always believed that every DH-session is unique with random large primes. Is DH using the same numbers every time when conneting to the same peer/device/server?<br />
<br />
The reason for my question is that I read that PFS (Perfect Forward Secrecy) is being used on top of DH to make sure that the key is unique for every session. <br />
<br />
Why PFS when we have DH? Does not compute. :)
</div>
</div>


This applies to TLS as well ass IPSec.

The purpose of the Diffie Hellman key exchange is to agree on a shared secret without sending it on the wire. I have always believed that every DH-session is unique with random large primes. Is DH using the same numbers every time when conneting to the same peer/device/server?

The reason for my question is that I read that PFS (Perfect Forward Secrecy) is being used on top of DH to make sure that the key is unique for every session. 

Why PFS when we have DH? Does not compute. :)

Why PFS when we have DH

tls/ssl

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.