[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [iaik-ssl] setDHParameter / DHParameterSpec / anyone got someprimes?
Zahid Ahmed wrote:
> what is the typically advantage/use of emphemeral DH ?
The biggest advantage over fixed DH for us is that client authentication
works; with fixed DH certificates it doesn't (as I wrote in an earlier
The advantage over RSA is that it ensures that we can distribute the
software to the USA (as far as I have heard, RSA isn't giving out licenses
to their patent unless you use their libraries).
We can do this because we write both client and server; there are no
> would you use it mostly w/DSA certs?
Yes, exclusively, for the reason mentioned above: patent issues. The patent
that covers DSA is licensed automatically and without royalties by the US
> which 3rd party CA issues DSA certificates?
There's a problem; I don't know of any major CAs that do this. I've wondered
why this is, it seems to be a result of heavy-handed politics by the backers
of the RSA algorithm, if the mailings I've read about it are to be believed.
Luckily, the RSA patent will expire next year; we'll have to re-evaluate the
use of DSA then.
For our application, we are our own CA; we certify servers certificates with
a CA certificate. It requires a tiny program since all the infrastructure
(X509 certificate building) is included in IAIK-JCE.
> > -----Original Message-----
> > From: Erwin Bolwidt [mailto:firstname.lastname@example.org]
> > Sent: Friday, October 15, 1999 5:39 AM
> > To: email@example.com
> > Subject: [iaik-ssl] setDHParameter / DHParameterSpec / anyone got some
> > primes?
> > I have primes of 512 bits length and 2048 bits length. The demo source
> > code only contains a 512-bit prime. Does anyone have 768-bit and
> > 1024-bit Diffie-Hellman suitable primes?
> > Regards,
> > Erwin Bolwidt
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html
To unsubscribe send an email to firstname.lastname@example.org with the folowing content: UNSUBSCRIBE iaik-ssl