Re: Diffie Hellman


I raised this question before

I suggest to use X9.42 for Diffie-Hellman public keys for two reasons:

1. The X9.42 variant of  the Diffie-Hellman key is what used in PKIX X509

2. From security point of view, PKC#3 is outdated. The security of  the Discrete
problem underlying Diffie-Hellman relies not only on the size of  the prime p and
the size
of  the subgroup generated by the "generator" g in GF(p), but also on the size of
the maximal
prime factor of  the order of this subgroup, because of the Pohlig-Hellman
The appearance of the prime number q in X9.42 serves such purpose.


merlin wrote:

> Hi,
> The Diffie Hellman part of the spec is somewhat ambiguous at the moment:
> . It is not clear whether PKCS#3 or X.942 should be used. The reference
>   suggests the latter; the public key encoding suggests the former.
> . Keying material generation is somewhat ambiguous; the examples suggest
>   algorithm first, the language suggests ZZ first; the examples suggest
>   the counter is one byte, the language suggests two hexadecimal digits.
> Any guidance so we can nail down DH interop?
> Thanks, Merlin
> -----------------------------------------------------------------------------
> Baltimore Technologies plc will not be liable for direct,  special,  indirect
> or consequential  damages  arising  from  alteration of  the contents of this
> message by a third party or as a result of any virus being passed on.
> This footnote confirms that this email message has been swept by
> Baltimore MIMEsweeper for Content Security threats, including
> computer viruses.

Received on Friday, 15 February 2002 17:20:01 UTC