What is the limitation of Diffie-Hellman (DH) when used for key agreement?

Prepare for the WGU ITAS6291 D488 Cybersecurity Architecture and Engineering exam. Use flashcards and multiple-choice questions, each with explanations and guidance. Master your knowledge and excel in your exam!

Diffie-Hellman (DH) is primarily a key exchange algorithm that allows two parties to establish a shared secret over an insecure channel. While it is effective for generating a shared key, one of its notable limitations is the lack of an authentication mechanism. This means that DH does not verify the identities of the parties involved in the key exchange process. As a result, it is vulnerable to man-in-the-middle attacks, where an adversary could intercept and manipulate the exchange, leading both parties to believe they are communicating securely with one another.

The lack of authentication means that even though the shared key generated by the DH process may be secure, the trustworthiness of the parties involved is not guaranteed. Therefore, if an attacker can impersonate one of the parties, they can establish a false shared key, undermining the very purpose of the secure communication.

Adding an authentication method, such as digital signatures or certificates, alongside the DH exchange can mitigate this limitation. On its own, however, DH does not confirm identities, which is why this option accurately identifies a key limitation of the Diffie-Hellman protocol.
