[114456] in cryptography@c2.net mail archive


questions on RFC2631 and DH key agreement

daemon@ATHENA.MIT.EDU (' =JeffH ')
Fri Feb 1 18:12:50 2008

To: cryptography@metzdowd.com
cc: ' =JeffH ' <Jeff.Hodges@KingsMountain.com>
From: ' =JeffH ' <Jeff.Hodges@KingsMountain.com>
Reply-to: cryptography@metzdowd.com
Date: Fri, 01 Feb 2008 13:53:46 -0800


So AFAICT from perusal of RFC2631 "Diffie-Hellman Key Agreement Method" and 
RFC2630 CMS, when one executes a simple DH static profile between two parties, 
the only things that really need to go over the wire are each party's public 
keys (ya and yb) if { p, q, g, j } are known to both parties. And thus, 
"Generation of Keying Material" is done by each party separately, using the 
value of ZZ that each independently calculates, yes?  Thus keying material 
doesn't cross the wire and risk exposure (among various things).

So if p, q, g are not static, then a simplistic, nominally valid, DH profile 
would be to..


      a                                         b
  ----------                               ----------

  g, p, ya ------------------------------------>


      <--------------------------------------- yb


 [calculates ZZ]                         [calculates ZZ] 
 [calculates keying material]            [calculates keying material]
      .                                         .
      .                                         .
      .                                         .



..yes? 


Other than for b perhaps wanting to verify the correctness of { p, q, g, j } 
("group parameter validation"), is there any reason to send q ?



thanks,

=JeffH


---------------------------------------------------------------------
The Cryptography Mailing List
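
Added example, not part of the original message: the exchange drawn above in Python, with the checks from RFC 2631 section 2.1.5 that the receiver can only run when it knows q. The group (p=23, q=11, g=2) is a constructed toy far too small for real use, OtherInfo is an opaque placeholder rather than the DER structure the RFC defines, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy group: p = j*q + 1 with j = 2, and g has order q mod p.
P, Q, G = 23, 11, 2

def validate_group(p, q, g):
    """Consistency checks that need q (primality tests of p and q omitted)."""
    return (p - 1) % q == 0 and 1 < g < p and pow(g, q, p) == 1

def validate_public_key(y, p, q):
    """RFC 2631 section 2.1.5: y in [2, p-1] and y^q mod p == 1."""
    return 2 <= y <= p - 1 and pow(y, q, p) == 1

def keypair(p, q, g):
    """Private x in [2, q-2], public y = g^x mod p."""
    x = secrets.randbelow(q - 3) + 2
    return x, pow(g, x, p)

def shared_zz(y_peer, x_own, p, q):
    """ZZ = y_peer^x_own mod p, computed only after the peer key validates."""
    if not validate_public_key(y_peer, p, q):
        raise ValueError("peer public key is outside the order-q subgroup")
    zz = pow(y_peer, x_own, p)
    # Leading zeros are preserved so ZZ occupies as many octets as p.
    return zz.to_bytes((p.bit_length() + 7) // 8, "big")

def keying_material(zz, other_info):
    """KM = H(ZZ || OtherInfo) with H = SHA-1 (RFC 2631 section 2.1.2)."""
    return hashlib.sha1(zz + other_info).digest()

def run_exchange():
    other_info = b"constructed-OtherInfo"   # placeholder, not real DER
    xa, ya = keypair(P, Q, G)               # a -> b: g, p, q, ya
    if not validate_group(P, Q, G):         # b's group parameter validation
        raise ValueError("group parameters rejected")
    xb, yb = keypair(P, Q, G)               # b -> a: yb
    # Each side derives ZZ and KM locally; neither value crosses the wire.
    km_a = keying_material(shared_zz(yb, xa, P, Q), other_info)
    km_b = keying_material(shared_zz(ya, xb, P, Q), other_info)
    return km_a, km_b

if __name__ == "__main__":
    a, b = run_exchange()
    print("keying material matches:", a == b)
```

Without q, the receiver can still range-check y but cannot confirm that it lies in the subgroup generated by g.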