On Fri, Nov 2, 2012 at 4:30 PM, Jakob Bohm <jb-open...@wisemo.com> wrote: > (continuing TOFU posting to keep the thread somewhat consistent) > > Given some of the mathematical restrictions on parameters needed to > keep DSA and ECDSA safe from attackers, I don't think using the same > private key for ECDSA and ECDH is a good/safe idea. > > However I am not a genius cryptanalyst, so I cannot guarantee that > this is really dangerous, it is just a somewhat educated guess. Not at all - its good advice. Its called Key Separation, and its covered in the Handbook of Applied Cryptography (HAC), Chapter 13. I usually see folks trying to use the same key for signing and encryption. This is a slight twist in that they want to do signing and agreement.
The HAC is available for free online at http://cacr.uwaterloo.ca/hac/. Jeff > On 11/2/2012 9:06 PM, Abhiram Shandilya wrote: >> >> I thought the keys in ECC certificates can be used for both ECDH key >> agreement and ECDSA digital signature. >> >>> -----Original Message----- >>> From: Erik Tkal >>> Sent: Friday, November 02, 2012 8:24 AM >>> To: openssl-users@openssl.org >>> Subject: RE: ECDH-RSA and TLS 1.2 >>> >>> What if the server has an ECDH certificate? Would that then be the >>> appropriate set of suites? >>> >>> >>>> -----Original Message----- >>>> From: Dr. Stephen Henson >>>> Sent: Thursday, November 01, 2012 10:38 PM >>>> To: openssl-users@openssl.org >>>> Subject: Re: ECDH-RSA and TLS 1.2 >>>> >>>> On Fri, Nov 02, 2012, Abhiram Shandilya wrote: >>>> >>>>> Hi Steve, Thanks for your response. I'm just trying to figure out what >>>>> it takes to get this working - are you of the opinion that an SSL >>>>> server should not support TLS 1.2 ECDH-RSA cipher suites? Could you >>>>> also mention why? >>>> >>>> >>>> Well one reason is that the fixed ECDH cipher suites do not support >>>> forward secrecy because they always use the same ECDH key. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org