Russ Housley <hous...@vigilsec.com> writes:

>I am sure you know that ephemeral-static DH was originally used for S/MIME. The
>reasoning for ephemeral-static DH was not to make it work like RSA. Rather,
>the idea was to provide authentication of the static DH key holder by
>certifying the static DH public key.

... thus making it quack like RSA, with a certified static public key. That's exactly the point I was making about running DH sideways, taking a key agreement mechanism and beating it into a form where it worked more like RSA key transport.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls