Dr. Stephen Henson wrote: > One other note. Static-static DH IIRC has an unfortunate side effect: the > sender can be traced because they have made use of their private key. Other > algorithms such as RSA or ephemeral-static DH don't have this property. > > This issue was discussed in the S/MIME mailing list at the time.
DH is still extremely useful, particularly with ECC, particularly for encryption and pairwise authentication. See dnscurve.org for an example, but also for a novel mechanism for communicating the public key (essentially an identity encryption scheme in which the FQDN contains the public key). It is never necessary to use the long term shared secret directly, there are mechanisms for permuting it based on the use of a nonce and coarse-grained timer, a la SKIP. - Michael (Diffie-Hellman aficionado) ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
