Re: [TLS] TLS 1.1 and static DH
Pasi.Eronen@xxxxxxxxx wrote:
> pgut001@xxxxxxxxxxxxxxxxx wrote:
>
>> cryptlib definitely doesn't do static DH... in fact does anything?
>> Why would anyone do it at all, for that matter?
>
> Based on a quick look at the source code, at least OpenSSL, Mozilla
> NSS, and PureTLS appear to support static DH.
There is some code related to this in the SSL source but the relevant DH
certificate support was never implemented.

Well, actually it is possible that PKCS#3 DH certificate support is
present in OpenSSL 0.9.9 but that is as an indirect result of other
changes. The PKCS#3 DH certificate request generation code isn't present
though.

I was at one point some years ago planning to add X9.42 DH support to
OpenSSL for S/MIME v3 but I only received one comment asking me *not* to
support it.

Finding test vectors for the parameter generation algorithm was also a
problem. The only ones I saw were either compatible with the DSA
algorithm or clearly broken. Various calls in public mailing lists
giving details about why I thought the existing ones were wrong met with
silence. I ended up concluding that if no one else was implementing it,
why should I?
>
> But I don't know why they do it either (or whether that part of the
> code has actually ever been used or tested :-)
>
Just about the only reason I can think of is a lower connection overhead.
Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shenson@xxxxxxxxxxxxxxxxxxxxx, PGP key: via homepage.
_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls
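The thread above raises two concrete points: checking X9.42-style DH domain parameters (the "clearly broken" test vectors Steve mentions) and the reason anyone would use a static DH key (lower connection overhead, since the server's public value can be fixed rather than produced per session). The following is an added example written for this page; it is not code from the thread, from OpenSSL, or from any of the libraries named. It validates a (p, q, g) set and a peer public value with the standard structural checks, and then models the flip side of the overhead saving: a static server exponent that still exists after the sessions lets every recorded session secret be recomputed, while per-session exponents that were discarded do not. The parameters P, Q, G are tiny constructed values for illustration only, and `run_sessions`, `recoverable_sessions` and `demo` are names I chose, not API of any library.

```python
"""Added example: X9.42-style DH parameter checks and a small model of the
forward-secrecy cost of a static DH exponent. All values are constructed toy
parameters; they are not secure and are not from any standard or test vector."""
import secrets

# Constructed toy parameters: p = 23 is prime, q = 11 divides p-1, g = 4 has order q.
P, Q, G = 23, 11, 4


def is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test, adequate for checking candidate parameters."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_dh_params(p, q, g):
    """Structural checks an X9.42-style (p, q, g) set must pass; returns the failures."""
    failures = []
    if not is_probable_prime(p):
        failures.append("p is not prime")
    if not is_probable_prime(q):
        failures.append("q is not prime")
    if (p - 1) % q:
        failures.append("q does not divide p-1")
    if not 1 < g < p - 1:
        failures.append("g is out of range")
    elif pow(g, q, p) != 1:
        failures.append("g does not generate the order-q subgroup")
    return failures


def validate_public_value(p, q, y):
    """A peer public value must be in range and lie in the order-q subgroup."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def keypair(p, q, g):
    x = secrets.randbelow(q - 1) + 1               # private exponent in [1, q-1]
    return x, pow(g, x, p)


def shared_secret(p, q, peer_pub, my_priv):
    if not validate_public_value(p, q, peer_pub):
        raise ValueError("peer public value rejected")
    return pow(peer_pub, my_priv, p)


def run_sessions(p, q, g, server_static_priv=None, n=3):
    """Simulate n client sessions. With server_static_priv set the server reuses one
    exponent (static DH: its public value is fixed, so no fresh value is computed per
    session); otherwise it draws a fresh exponent each time and discards it.
    Returns (transcripts, remaining_exponents): what a recorder saw on the wire and
    what still exists on the server afterwards."""
    transcripts, remaining = [], []
    for _ in range(n):
        if server_static_priv is None:
            s_priv, s_pub = keypair(p, q, g)
        else:
            s_priv, s_pub = server_static_priv, pow(g, server_static_priv, p)
        c_priv, c_pub = keypair(p, q, g)
        secret = shared_secret(p, q, s_pub, c_priv)
        if secret != shared_secret(p, q, c_pub, s_priv):
            raise RuntimeError("key agreement mismatch")
        transcripts.append((c_pub, s_pub, secret))
    if server_static_priv is not None:
        remaining.append(server_static_priv)     # the long-term key stays on disk
    return transcripts, remaining


def recoverable_sessions(p, g, transcripts, leaked_exponents):
    """Count recorded sessions whose secret can be recomputed from exponents that
    still exist after the fact: the forward-secrecy question for static DH."""
    count = 0
    for c_pub, s_pub, secret in transcripts:
        if any(pow(g, x, p) == s_pub and pow(c_pub, x, p) == secret
               for x in leaked_exponents):
            count += 1
    return count


def demo():
    """Return (sessions recoverable with a static server key, with ephemeral keys)."""
    static_priv, _ = keypair(P, Q, G)
    t_static, left_static = run_sessions(P, Q, G, static_priv)
    t_eph, left_eph = run_sessions(P, Q, G)
    return (recoverable_sessions(P, G, t_static, left_static),
            recoverable_sessions(P, G, t_eph, left_eph))


if __name__ == "__main__":
    print(validate_dh_params(P, Q, G))   # [] : passes
    print(validate_dh_params(P, Q, 5))   # g of order 22, not q: a broken set
    print(demo())                        # (3, 0)
```

The parameter checks are the ones worth running over any vector set before trusting it: q prime and dividing p-1, and g actually of order q (g = 5 here has order 22 and is rejected even though p and q are fine). The `demo` result is the trade-off in one line: the static server exponent saves per-session work but, once it leaks, gives back every recorded session secret, while the ephemeral variant leaves nothing to recover.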