----- Original Message ----- From: "' =JeffH '" <[EMAIL PROTECTED]>
To: <cryptography@metzdowd.com>
Cc: "' =JeffH '" <[EMAIL PROTECTED]>
Sent: Friday, February 01, 2008 1:53 PM
Subject: questions on RFC2631 and DH key agreement

(ya and yb) if { p, q, g, j } are known to both parties.

So if p, q, g are not static, then a simplistic, nominally valid, DH profile
would be to..
     a                                         b
 ----------                               ----------
 g, p, ya ------------------------------------>
     <--------------------------------------- yb

I would actually recommend sending all the public data. This does not take significant additional space and allows more verification to be performed. I would also suggest looking at what exactly the goal is. As written this provides no authentication just privacy, and if b uses the same private key to generate multiple yb the value of b will slowly leak.

Other than for b perhaps wanting to verify the correctness of { p, q, g, j }
("group parameter validation"), is there any reason to send q ?

You can then use the gpb trio for DSA, leveraging the key set for more capabilities. Joe
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to