An algorithm used to bootstrap from authentication to cryptography. Diffie-Hellman key exchange is a dynamic algorithm, it cannot be used to send email or other asynchronous communications (unless many emails are sent in each direction prior to the first payload). The negioation can be in the clear, but it must be signed to prevent ManInTheMiddle attacks.
The SSL protocol uses DiffieHellmanKeyExchange to move from keys which provide authentication to a shared secret, a session key which can then be used in ConventionalCryptography.
One page links to DiffieHellmanKeyExchange:
