[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] setDHParameter / DHParameterSpec / anyone got someprimes?



Zahid Ahmed wrote:

> what is the typically advantage/use of emphemeral DH ?

The biggest advantage over fixed DH for us is that client authentication
works; with fixed DH certificates it doesn't (as I wrote in an earlier
e-mail).
The advantage over RSA is that it ensures that we can distribute the
software to the USA (as far as I have heard, RSA isn't giving out licenses
to their patent unless you use their libraries).

We can do this because we write both client and server; there are no
interoperability issues.

> would you use it mostly w/DSA certs?

Yes, exclusively, for the reason mentioned above: patent issues. The patent
that covers DSA is licensed automatically and without royalties by the US
government.

> which 3rd party CA issues DSA certificates?

There's a problem; I don't know of any major CAs that do this. I've wondered
why this is, it seems to be a result of heavy-handed politics by the backers
of the RSA algorithm, if the mailings I've read about it are to be believed.

Luckily, the RSA patent will expire next year; we'll have to re-evaluate the
use of DSA then.

For our application, we are our own CA; we certify servers certificates with
a CA certificate. It requires a tiny program since all the infrastructure
(X509 certificate building) is included in IAIK-JCE.

Regards,
  Erwin Bolwidt


> > -----Original Message-----
> > From: Erwin Bolwidt [mailto:ejb@tryllian.com]
> > Sent: Friday, October 15, 1999 5:39 AM
> > To: iaik-ssl@iaik.tu-graz.ac.at
> > Subject: [iaik-ssl] setDHParameter / DHParameterSpec / anyone got some
> > primes?
> >
> [snip]
> > I have primes of 512 bits length and 2048 bits length. The demo source
> > code only contains a 512-bit prime. Does anyone have 768-bit and
> > 1024-bit Diffie-Hellman suitable primes?
> >
> > Regards,
> >   Erwin Bolwidt
>

--
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-ssl