Dr S N Henson wrote:
> Or to summarise, yes it is possible to add support in OpenSSL, no it
> isn't very easy and I'm not sure how useful it would be if support was
> added.
I suggest a division of labor -- leave the demonstration of usefulness to me,
and you take the hard part... ;-) Our intention is to deploy on thousands
of mobile devices, each needing to authenticate itself to an access point.
3- or 4-way handshakes and cert chains aren't an option.
Maybe I should reiterate that encoding the DH certs as DSA certs is not
a problem -- finding the right parameters is. This might make the common
parameters (e.g. SKIP's choice of g, p) impossible to use because of a lack
of an appropriate 160-bit q (I am guessing, I haven't searched for one).
I am open to suggestions.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
