- From: Jiandong Guo <jguo@phaos.com>
- Date: Fri, 15 Feb 2002 17:27:06 -0500
- To: merlin <merlin@baltimore.ie>
- CC: xml-encryption@w3.org
Merlin, I raised this question before (http://lists.w3.org/Archives/Public/xml-encryption/2002Jan/0019.html). I suggest to use X9.42 for Diffie-Hellman public keys for two reasons: 1. The X9.42 variant of the Diffie-Hellman key is what used in PKIX X509 certificate. 2. From security point of view, PKC#3 is outdated. The security of the Discrete Logarithm problem underlying Diffie-Hellman relies not only on the size of the prime p and the size of the subgroup generated by the "generator" g in GF(p), but also on the size of the maximal prime factor of the order of this subgroup, because of the Pohlig-Hellman algorithm. The appearance of the prime number q in X9.42 serves such purpose. Jiandong merlin wrote: > Hi, > > The Diffie Hellman part of the spec is somewhat ambiguous at the moment: > > . It is not clear whether PKCS#3 or X.942 should be used. The reference > suggests the latter; the public key encoding suggests the former. > > . Keying material generation is somewhat ambiguous; the examples suggest > algorithm first, the language suggests ZZ first; the examples suggest > the counter is one byte, the language suggests two hexadecimal digits. > > Any guidance so we can nail down DH interop? > > Thanks, Merlin > > ----------------------------------------------------------------------------- > Baltimore Technologies plc will not be liable for direct, special, indirect > or consequential damages arising from alteration of the contents of this > message by a third party or as a result of any virus being passed on. > > This footnote confirms that this email message has been swept by > Baltimore MIMEsweeper for Content Security threats, including > computer viruses. > http://www.baltimore.com
Received on Friday, 15 February 2002 17:20:01 UTC