Michael Sierchio wrote:
>
> Dr S N Henson wrote:
>
> > Or to summarise, yes it is possible to add support in OpenSSL, no it
> > isn't very easy and I'm not sure how useful it would be if support was
> > added.
>
> I suggest a division of labor -- leave the demonstration of usefulness to me,
> and you take the hard part... ;-) Our intention is to deploy on thousands
> of mobile devices, each needing to authenticate itself to an access point.
> 3- or 4-way handshakes and cert chains aren't an option.
>
Certainly, please deposit not less than £1,000,000 in the following
account ... :-)
Seriously though, is there some specific reason why you need to use DH
rather than RSA or DSA (if it's authentication only)?
> Maybe I should reiterate that encoding the DH certs as DSA certs is not
> a problem -- finding the right parameters is. This might make the common
> parameters (e.g. SKIP's choice of g, p) impossible to use because of a lack
> of an appropriate 160-bit q (I am guessing, I haven't searched for one).
> I am open to suggestions.
There are various techniques about. The one mentioned in the X9.42 spec
is frowned upon; many people use Lim-Lee instead, which I did look at ages
ago, but I've lost the reference.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]