Dr S N Henson wrote:

> The main problem is how you'd certify a DH key when it can't be used to
> sign a certificate request.

I do not understand your comments.  There are excellent POP algorithms
available for the certificate request phase (see Diffie-Hellman 
Proof-of-Possession Algorithms, RFC 2875),  and of course such certs
may be signed with RSA (preferred for speed of verification) or DSA.  

While your thinking may be driven by the demands of the SSL protocol,
I find myself using the toolkit in situations where a protocol
handshake is undesirable (e.g. wireless access-point fast handoffs),  
and DH permits parties that possess mutually authenticated identities 
to begin encrypted traffic without keying messages.  As 802.11 and
Bluetooth take off, this will be of increasing importance.

> There are workarounds but it would need quite a bit of work and very
> few DH certificates are in general use.

The PKIX profile used for 'dhpublicnumber' isn't much different from
the one used for dsa parameters:


        dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
                  us(840) ansi-x942(10046) number-type(2) 1 }


        DomainParameters ::= SEQUENCE {
              p       INTEGER, -- odd prime, p=jq +1
              g       INTEGER, -- generator, g
              q       INTEGER, -- factor of p-1
              j       INTEGER OPTIONAL, -- subgroup factor
              validationParms  ValidationParms OPTIONAL }

leaving off the optional parms, 

        DomainParameters ::= SEQUENCE {
              p       INTEGER, -- odd prime, p=jq +1
              g       INTEGER, -- generator, g
              q       INTEGER } -- factor of p-1

The difference is that, in generation and validation for signing by the CA,
q is not constrained to be a 160-bit (or other hashsize) prime factor of
(p-1), and g and p may be global parameters chosen for esoteric properties.

> Can you send me a sample DH certificate? It would be useful if we ever
> need to support them.

I'd be glad to...  I'll scrounge some up.  Meanwhile, any suggestions
on hacking the dhparams tool to permit me to do the above?

Cheers,

M.Sierchio
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
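
The reduced DomainParameters SEQUENCE { p, g, q } from the message above, DER-encoded and checked for consistency, as an added example that is not part of the original message and is not OpenSSL code. The function names and the toy parameters are assumptions made for illustration; the test that g lies in the order-q subgroup and that q is prime follows the X9.42 parameter definition rather than anything stated in the message.

```python
# Added example: toy numbers are constructed and far too small for real use.

def der_len(n):
    # Short form below 128, long form (0x80 | byte count) otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(n):
    # Non-negative INTEGER; bit_length()//8 + 1 adds the 0x00 pad when the top bit is set.
    body = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def encode_domain_params(p, g, q):
    body = der_int(p) + der_int(g) + der_int(q)
    return b"\x30" + der_len(len(body)) + body

def is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    # Miller-Rabin over fixed bases (a probabilistic test for large n).
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def check_domain_params(p, g, q):
    # Page's constraints: p odd prime, q a factor of p-1 (p = j*q + 1). The size of q
    # is not checked: no 160-bit DSA-style restriction applies to DH parameters.
    j, r = divmod(p - 1, q)
    if r or not (p % 2 and is_prime(p) and is_prime(q)):
        raise ValueError("need primes p, q with q dividing p-1")
    if not (1 < g < p - 1 and pow(g, q, p) == 1):
        raise ValueError("g is not in the order-q subgroup")
    return j
```

`check_domain_params` returns the subgroup factor j, so a caller can fill in the OPTIONAL `j` field from the three mandatory values.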