> SSL uses X509, and X509 mandates a PK algorithm, but doesn't say
> which one. At the moment we have RSA and DH implementations, but each
> has drawbacks, either legal, as for RSA in here in the US, or
> technical for DH everywhere.
> 
> As far as I know El-Gammal has everything you want from PKC and it's
> used in GNU's GPG, the PGP replacement. It's unpatented, too, and
> free for use anywhere.
> 
> So why hasn't anyone ever put an El-Gammal cipher suite in an SSL
> implementation? Is it something that's been just missed, or am I
> missing something VERY obvious?
> 

The primary reason may be that the holder of the RSA patent
has managed to somewhat converge the business interests of the US 
companies making browsers etc., or perhaps that for national security
reasons it is more convenient to focus on one algorithm of which the 
exploitation more or less can be controlled. Compare for example the 
widespread adoption of S/MIME by the standard clients instead of PGP/MIME.
Although those also differ in suitabality for PKI / CA infrastructures.

If there are technical benefits to use el-gammal instead of a combination
of DH/DSS, it would be nice to have it in the SSL suite. There is always
a chance to promote widespread use of a free suite.

Regards,

-Janjaap Bos

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to