questions on RFC2631 and DH key agreement
' =JeffH '
Jeff.Hodges at KingsMountain.com
Fri Feb 1 16:53:46 EST 2008
So AFAICT from perusal of RFC2631 "Diffie-Hellman Key Agreement Method" and
RFC2630 CMS, when one executes a simple DH static profile between two parties,
the only things that really need to go over the wire are each party's public
keys (ya and yb) if { p, q, g, j } are known to both parties. And thus,
"Generation of Keying Material" is done by each party separately, using the
value of ZZ that each independently calculates, yes? Thus keying material
doesn't cross the wire and risk exposure (among various things).
So if p, q, g are not static, then a simplistic, nominally valid, DH profile
would be to..
a b
---------- ----------
g, p, ya ------------------------------------>
<--------------------------------------- yb
[calculates ZZ] [calculates ZZ]
[calculates keying material] [calculates keying material]
. .
. .
. .
..yes?
Other than for b perhaps wanting to verify the correctness of { p, q, g, j }
("group parameter validation"), is there any reason to send q ?
thanks,
=JeffH
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list