- From: Joseph Reagle <reagle@w3.org>
- Date: Fri, 15 Feb 2002 17:47:28 -0500
- To: Jiandong Guo <jguo@phaos.com>, merlin <merlin@baltimore.ie>
- Cc: xml-encryption@w3.org, "Eastlake <Donald.Eastlake@motorola.com>" <dee3@torque.pothole.com>
This is an edit that is in Don's queue. I expect to see it real-soon-now :)
(You might notice that it is in [1], at the bottom, but still not marked done!)

[1] http://www.w3.org/Encryption/2001/11/last-call-issues.html

On Friday 15 February 2002 17:27, Jiandong Guo wrote:
> Merlin,
>
> I raised this question before
> (http://lists.w3.org/Archives/Public/xml-encryption/2002Jan/0019.html).
>
> I suggest using X9.42 for Diffie-Hellman public keys for two reasons:
>
> 1. The X9.42 variant of the Diffie-Hellman key is what is used in PKIX X509
> certificates.
>
> 2. From a security point of view, PKCS#3 is outdated. The security of the
> Discrete Logarithm problem underlying Diffie-Hellman relies not only on
> the size of the prime p and the size of the subgroup generated by the
> "generator" g in GF(p), but also on the size of the maximal prime factor
> of the order of this subgroup, because of the Pohlig-Hellman algorithm.
> The appearance of the prime number q in X9.42 serves such a purpose.
>
> Jiandong
>
> merlin wrote:
> > Hi,
> >
> > The Diffie Hellman part of the spec is somewhat ambiguous at the
> > moment:
> >
> > . It is not clear whether PKCS#3 or X9.42 should be used. The reference
> > suggests the latter; the public key encoding suggests the former.
> >
> > . Keying material generation is somewhat ambiguous; the examples
> > suggest algorithm first, the language suggests ZZ first; the examples
> > suggest the counter is one byte, the language suggests two hexadecimal
> > digits.
> >
> > Any guidance so we can nail down DH interop?
> >
> > Thanks, Merlin
> >
> > -----------------------------------------------------------------------------
> > Baltimore Technologies plc will not be liable for direct,
> > special, indirect or consequential damages arising from alteration
> > of the contents of this message by a third party or as a result of any
> > virus being passed on.
> >
> > This footnote confirms that this email message has been swept by
> > Baltimore MIMEsweeper for Content Security threats, including
> > computer viruses.
> > http://www.baltimore.com

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Friday, 15 February 2002 17:48:33 UTC