Dr S N Henson wrote:

> OK that looks like standard PKCS#3 stuff which can be handled fairly
> easily for just certificate support. Is a private key format defined as
> well or is that up to the application? If the latter I'd follow the
> PKCS#8 + PKCS#11 standard for DH.

Okay, private key format, uh, right... ;-)  I think the latter.

> Then we'd obviously need an alternative parameter generation algorithm.
> The X9.42 version (also in RFC2631) would be usable (though better ones
> exist) except no test vectors exist which aren't obviously broken. I've
> never found anyone else who's implemented the X9.42 parameter algorithm
> other than the restricted case which is FIPS 186-1 compatible (i.e.
> q=160 bits).

I haven't implemented it,  but this is also covered in RFC 2875

> DH-POP is indeed a problem. There's a standard again but its a bit messy
> to implement in that it forces handling of DH certificate requests as a
> special case.

Right, because the CA will need a cert dedicated to the key agreement.
Certs should be signed with RSA,  it just makes verification a lot
easier.  

I appreciate your willingness to engage in dialog on the matter,
and hope I can free up some time to help.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to