
Ephemeral Diffie-Hellman requires certificate?


In Ephemeral Diffie-Hellman, the key pair is generated every time.

In practice, does this mean I never need a certificate? Or does that mean I need a new cert every single time?


Solution

  • In practice, does this mean I never need a certificate? Or does that mean I need a new cert every single time?

    It means that the generation of the key is independent of the certificate. You could use DH without a certificate (anonymous DH), but then the connection would be open to man-in-the-middle attacks. Thus in practice DH is used for key generation, but the certificate is still used to make sure we talk to the right peer (identification).
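The split the answer describes, as an added example that is not part of the question or answer above and not taken from any TLS implementation: the server makes a fresh ephemeral ECDH key per connection and signs it with a long-term ECDSA key (standing in for the key a certificate would carry), and the client refuses the exchange unless that signature verifies. It assumes P-256 for both keys and uses only the Go standard library; the function names are hypothetical.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// ServerKeyExchange makes a fresh ephemeral ECDH key for this one connection and signs
// its public value with the long-term identity key (the key a certificate would carry).
func ServerKeyExchange(identity *ecdsa.PrivateKey) (*ecdh.PrivateKey, []byte, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(eph.PublicKey().Bytes())
	sig, err := ecdsa.SignASN1(rand.Reader, identity, digest[:])
	return eph, sig, err
}

// ClientKeyExchange verifies the signature with the identity key the client trusts (in
// TLS, taken from the certificate), then makes its own ephemeral key and derives the
// secret. This check is what anonymous DH lacks: a substituted public value is rejected.
func ClientKeyExchange(trusted *ecdsa.PublicKey, serverPub, sig []byte) (secret, clientPub []byte, err error) {
	digest := sha256.Sum256(serverPub)
	if !ecdsa.VerifyASN1(trusted, digest[:], sig) {
		return nil, nil, fmt.Errorf("server ephemeral key is not signed by the trusted identity")
	}
	peer, err := ecdh.P256().NewPublicKey(serverPub)
	if err != nil {
		return nil, nil, err
	}
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	secret, err = eph.ECDH(peer)
	return secret, eph.PublicKey().Bytes(), err
}

func main() {
	identity, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // reused across connections
	eph, sig, _ := ServerKeyExchange(identity)                      // fresh for every connection
	_, clientPub, err := ClientKeyExchange(&identity.PublicKey, eph.PublicKey().Bytes(), sig)
	fmt.Println("handshake accepted:", err == nil, "client ephemeral key bytes:", len(clientPub))
}
```

The server finishes by parsing the client's ephemeral public value with `ecdh.P256().NewPublicKey` and calling `ECDH` on its own ephemeral key, which yields the same secret the client derived.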