Dr S N Henson wrote:
> Seriously though is there some specific reason why you need to use DH
> rather than RSA or DSA (if its authentication only)?
Actually... yes. ;-)
Several proposed algorithms for authentication and replay prevention
exist which use the long-term DH secret (or some product of the
Kij) as the key to an hmac-md5 or hmac-sha1. A nonce or timestamp
is used as the data input to the hmac, and the result is presented
as an authenticator. This is the technique used in the PKI
proposals for MobileIP.
> There are various techniques about. The one mentioned in the X9.42 spec
> is frowned upon many people use Lim-Lee instead which I did look at ages
> ago but I've lost the reference.
Thanks, I'll look into it. (perhaps things like private key length
could be treated in an extension?)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
