
Re: slides from WG meeting, 31 Mar 98

At 09:24 PM 4/2/98 -0800, Bill Frantz wrote:
>At 7:48 AM -0800 4/1/98, Carl Ellison wrote:
>>P.S.  Bill Frantz reminded me after the meeting that I had omitted a DSA
>>stub in the slides.  I don't have DSA in the current code but will add that
>>as soon as the first release is done and it will have the same kind of
>>stubbing if necessary for export purposes.  If I can find a good freeware
>>implementation, I may even try to get approval to include it bodily.
>>After all, DSA is good only for authentication.  That's why NSA chose it.
>My reading of the export regs say that since SPKI is only for
>authentication, you don't need an export license or a conversation with the
>commerce department.  Your Paranoia May Vary.

I think that's right.  Just one additional point.  Although DSA does not
provide encryption per se, given secret keys X1 and X2 (random 160 bits)
and corresponding public keys defined by

    Y1 = (g^X1)%P  and Y2 = (g^X2)%P

either party can perform a calculation to generate a shared secret SS,

    SS = (Y2^X1)%P = (g^(X2*X1))%P = (g^(X1*X2))%P = (Y1^X2)%P == SS

So SS can be used as a symmetric key, never transmitted, to encode and
transmit a symmetric session key, such session key employed in, say, DES.

So it makes symmetric key encryption "much more workable".

But you probably already knew this.

>Bill Frantz       | If hate must be my prison  | Periwinkle -- Consulting
>(408)356-8506     | lock, then love must be    | 16345 Englewood Ave.
>frantz@netcom.com | the key.     - Phil Ochs   | Los Gatos, CA 95032, USA
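
The calculation described in the message above, as an added example that is not part of the original e-mail: two DSA-style key pairs over shared parameters (P, Q, G) yield the same SS on both sides, which is then hashed into a key that wraps a session key. The toy parameters, the function names, the SHA-256 derivation and the XOR wrap are all assumptions made for illustration, and the subgroup check on the peer's public value is the validation a receiver would want before using it.

```python
import hashlib, hmac, secrets

# Constructed toy DSA-style domain parameters (far too small for real use):
# Q is prime, P = 6*Q + 1 is prime, G = 2^((P-1)/Q) mod P has order Q.
P, Q, G = 607, 101, 64

def keypair():
    """Return (x, y): secret x in [1, Q-1], public y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def valid_public(y):
    """Accept only peer values that lie in the order-Q subgroup."""
    return 1 < y < P and pow(y, Q, P) == 1

def shared_key(my_x, peer_y):
    """SS = peer_y^my_x mod P, hashed to a 32-byte symmetric key."""
    if not valid_public(peer_y):
        raise ValueError("peer public key not in the order-Q subgroup")
    ss = pow(peer_y, my_x, P)
    return hashlib.sha256(ss.to_bytes((P.bit_length() + 7) // 8, "big")).digest()

def wrap(kek, session_key):
    """Toy single-use key wrap: XOR with an HMAC-derived pad.
    Stand-in for a real cipher; applying it twice unwraps."""
    pad = hmac.new(kek, b"wrap", hashlib.sha256).digest()[:len(session_key)]
    return bytes(a ^ b for a, b in zip(session_key, pad))

def demo():
    """Both parties derive the same key; a wrapped session key round-trips."""
    x1, y1 = keypair()
    x2, y2 = keypair()
    k1 = shared_key(x1, y2)            # party 1: (Y2^X1) % P
    k2 = shared_key(x2, y1)            # party 2: (Y1^X2) % P
    session = secrets.token_bytes(8)   # constructed 8-byte session key
    return k1 == k2, wrap(k2, wrap(k1, session)) == session

if __name__ == "__main__":
    print(demo())
```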