[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Diffie-Hellman DomainParameters question

To: "william bamberg" <william.bamberg@xxxxxxxxxxx>
Subject: Re: Diffie-Hellman DomainParameters question
From: Russ Housley <housley@xxxxxxxxxx>
Date: Tue, 22 Feb 2000 22:36:58 -0500
Cc: <ietf-pkix@xxxxxxx>
In-reply-to: <>

Will:

Two reasons, one political and one technical.

1. This structure is aligned with the ANSI X9.42 standard. The banking community and the Internet community will be using the same structure.

2. The value of q is needed to avoid some small subgroup attacks. See draft-ietf-smime-small-subgroup-03.txt.

Russ

At 04:10 PM 02/22/2000 +0000, william bamberg wrote:

RFC 2459, and the new draft, both specify the DomainParameters to be
included along with a D-H public key value with the following syntax:

        DomainParameters ::= SEQUENCE {
              p       INTEGER, -- odd prime, p=jq +1
              g       INTEGER, -- generator, g
              q       INTEGER, -- factor of p-1
              j       INTEGER OPTIONAL, -- subgroup factor
              validationParms  ValidationParms OPTIONAL }

I'm not a crypto expert, but I understand that the q value is not actually
essential for doing Diffie-Hellman, and most D-H certificates that I've come
across seem to omit it. Could anyone explain to me why it's not optional in
the spec?

Thanks very much

Will

References:
- Diffie-Hellman DomainParameters question
  - From: william bamberg

Prev by Date: RE: Straw Poll: SerialNumber definition
Next by Date: Re: German Law and OCSP
Previous by thread: Diffie-Hellman DomainParameters question
Next by thread: Re: Diffie-Hellman DomainParameters question
Index(es):
- Date
- Thread