[114458] in cryptography@c2.net mail archive


Re: questions on RFC2631 and DH key agreement

daemon@ATHENA.MIT.EDU (Ali, Saqib)
Fri Feb 1 18:31:56 2008

Date: Fri, 1 Feb 2008 15:21:55 -0800
From: "Ali, Saqib" <docbook.xml@gmail.com>
To: cryptography@metzdowd.com
Cc: "=JeffH" <Jeff.Hodges@kingsmountain.com>
In-Reply-To: <20080201215357.B82A9A0C5A@green.metzdowd.com>

http://www.xml-dev.com/blog/index.php?action=viewtopic&id=196

On 2/1/08,  =JeffH  <Jeff.Hodges@kingsmountain.com> wrote:
>
> So AFAICT from perusal of RFC2631 "Diffie-Hellman Key Agreement Method" and
> RFC2630 CMS, when one executes a simple DH static profile between two parties,
> the only things that really need to go over the wire are each party's public
> keys (ya and yb) if { p, q, g, j } are known to both parties. And thus,
> "Generation of Keying Material" is done by each party separately, using the
> value of ZZ that each independently calculates, yes?  Thus keying material
> doesn't cross the wire and risk exposure (among various things).
>
> So if p, q, g are not static, then a simplistic, nominally valid, DH profile
> would be to..
>
>
>       a                                         b
>   ----------                               ----------
>
>   g, p, ya ------------------------------------>
>
>
>       <--------------------------------------- yb
>
>
>  [calculates ZZ]                         [calculates ZZ]
>  [calculates keying material]            [calculates keying material]
>       .                                         .
>       .                                         .
>       .                                         .
>
>
>
> ..yes?
>
>
> Other than for b perhaps wanting to verify the correctness of { p, q, g, j }
> ("group parameter validation"), is there any reason to send q ?
>
>
>
> thanks,
>
> =JeffH
>
>
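
The flow in the diagram above, as an added Python example that is not part of the original message: a constructed toy group, the ZZ computation on each side, and the receiver-side checks from RFC 2631 that cannot be done without q. The function names and all numeric values are assumptions made for illustration.

```python
# Added example: toy-sized DH exchange with the receiver-side checks that need q.
# All numbers are constructed for illustration; real groups use a large p and q.

P, Q, J, G = 43, 7, 6, 21      # constructed toy group: p = j*q + 1, g has order q


def params_consistent(p, q, g, j):
    """Basic consistency of received {p, q, g, j}. Simplified: this is not the
    seed-based p,q regeneration check, and primality testing is omitted."""
    return p == j * q + 1 and 1 < g < p and pow(g, q, p) == 1


def public_key_valid(y, p, q):
    """Public key validation: y must lie in [2, p-1] and y^q mod p must be 1."""
    return 2 <= y <= p - 1 and pow(y, q, p) == 1


def public_key(x, p=P, g=G):
    """y = g^x mod p for private key x."""
    return pow(g, x, p)


def shared_zz(peer_y, own_x, p=P, q=Q):
    """Compute ZZ = peer_y^own_x mod p, refusing a peer key that fails validation."""
    if not public_key_valid(peer_y, p, q):
        raise ValueError("peer public key is not in the order-q subgroup")
    return pow(peer_y, own_x, p)


def run_exchange(xa, xb):
    """a sends g, p, q, ya; b replies with yb; each side computes ZZ locally."""
    if not params_consistent(P, Q, G, J):        # b's check on what a sent
        raise ValueError("inconsistent group parameters")
    ya, yb = public_key(xa), public_key(xb)      # the only key values on the wire
    return shared_zz(yb, xa), shared_zz(ya, xb)  # (a's ZZ, b's ZZ)


if __name__ == "__main__":
    zz_a, zz_b = run_exchange(xa=3, xb=5)        # constructed private keys
    print("ZZ agrees:", zz_a == zz_b, "ZZ =", zz_a)
    # 36 passes the range check but has order 3, so only the q-based test rejects it.
    print("y=36 in range:", 2 <= 36 <= P - 1, "valid:", public_key_valid(36, P, Q))
```

Without q the receiver can only apply the range check, which the constructed value 36 passes even though it lies outside the subgroup generated by g.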
