Merlin, I raised this question before (http://lists.w3.org/Archives/Public/xml-encryption/2002Jan/0019.html). I suggest to use X9.42 for Diffie-Hellman public keys for two reasons: 1. The X9.42 variant of the Diffie-Hellman key is what used in PKIX X509 certificate. 2. From security point of view, PKC#3 is outdated. The security of the Discrete Logarithm problem underlying Diffie-Hellman relies not only on the size of the prime p and the size of the subgroup generated by the "generator" g in GF(p), but also on the size of the maximal prime factor of the order of this subgroup, because of the Pohlig-Hellman algorithm. The appearance of the prime number q in X9.42 serves such purpose. Jiandong merlin wrote: > Hi, > > The Diffie Hellman part of the spec is somewhat ambiguous at the moment: > > . It is not clear whether PKCS#3 or X.942 should be used. The reference > suggests the latter; the public key encoding suggests the former. > > . Keying material generation is somewhat ambiguous; the examples suggest > algorithm first, the language suggests ZZ first; the examples suggest > the counter is one byte, the language suggests two hexadecimal digits. > > Any guidance so we can nail down DH interop? > > Thanks, Merlin > > ----------------------------------------------------------------------------- > Baltimore Technologies plc will not be liable for direct, special, indirect > or consequential damages arising from alteration of the contents of this > message by a third party or as a result of any virus being passed on. > > This footnote confirms that this email message has been swept by > Baltimore MIMEsweeper for Content Security threats, including > computer viruses. > http://www.baltimore.comReceived on Friday, 15 February 2002 17:20:01 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:20 GMT