[114497] in cryptography@c2.net mail archive
Re: questions on RFC2631 and DH key agreement
daemon@ATHENA.MIT.EDU (Joseph Ashwood)
Sat Feb 2 12:56:02 2008
From: "Joseph Ashwood" <ashwood@msn.com>
To: <cryptography@metzdowd.com>
In-Reply-To: <20080201215357.B82A9A0C5A@green.metzdowd.com>
Date: Fri, 1 Feb 2008 20:43:16 -0800
----- Original Message -----
From: "' =JeffH '" <Jeff.Hodges@KingsMountain.com>
To: <cryptography@metzdowd.com>
Cc: "' =JeffH '" <Jeff.Hodges@KingsMountain.com>
Sent: Friday, February 01, 2008 1:53 PM
Subject: questions on RFC2631 and DH key agreement
> (ya and yb) if { p, q, g, j } are known to both parties.
> So if p, q, g are not static, then a simplistic, nominally valid, DH
> profile
> would be to..
> a b
> ---------- ----------
> g, p, ya ------------------------------------>
> <--------------------------------------- yb
> ..yes?
I would actually recommend sending all the public data. This does not take
significant additional space and allows more verification to be performed. I
would also suggest looking at what exactly the goal is. As written this
provides no authentication just privacy, and if b uses the same private key
to generate multiple yb the value of b will slowly leak.
> Other than for b perhaps wanting to verify the correctness of { p, q, g,
> j }
> ("group parameter validation"), is there any reason to send q ?
You can then use the gpb trio for DSA, leveraging the key set for more
capabilities.
Joe
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
