DH/DSS against RSA, SSL with RSA ...


Post by pierr » Thu, 27 Nov 1997 04:00:00



Hello there,

What happens if I want to implement secured applications and
protocols like SSL or other certificate-based applications?

I have to get an (expensive) license for the RSA patents (in the US).

Then if we look at SSLv3.0, it is possible to use DH/DSS certificates.
Certificates are signed by the CA with DSS signatures and contain
Diffie-Hellman keys for encryption; both are free now!

Now the question is: does anybody know if a client that implements
only these free algorithms can connect to SSL servers?

Does Verisign or any other famous CA provide certificates with something
other than RSA keys? Is it widely used?

I'd also like to understand if I can implement authentication with DH keys.
It seems to me that it is possible provided that both parties use the same
base and modulus for the generation of their public keys. This can be done if
Alice and Bob got their public Diffie-Hellman keys from the same CA
(using a single pair of B and Mod). Then Alice and Bob can start exchanging
a temporary encryption key with their shared secret. Authentication is OK
if it works.

Do you know if this is used?
Or do I always have to DSS sign my DH certificates?

Many thanks for your help,

Pierre.
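The static Diffie-Hellman authentication the post asks about, as an added example that is not part of the original post: both parties hold long-term DH keys under one base and modulus, derive the same secret, and prove possession of their private keys with a key-confirmation tag. The group (the prime 2**255 - 19 with base 2) is a constructed toy, and the function names and the HMAC-SHA256 derivation are assumptions of this example, not taken from SSL or from any CA's practice.

```python
import hashlib, hmac, secrets

# Constructed toy group for illustration only; a real deployment would use
# a vetted, standardized DH group published by the CA.
P = 2**255 - 19
G = 2

def keypair():
    """Long-term (static) DH key pair; the CA would certify the public half."""
    x = secrets.randbelow(P - 3) + 2              # private exponent in [2, P-2]
    return x, pow(G, x, P)

def shared_secret(my_priv, peer_pub, peer_group=(G, P)):
    """Static-static DH; refuses a peer certified under another base/modulus."""
    if peer_group != (G, P):
        raise ValueError("peer certificate uses different DH parameters")
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("peer public key out of range")
    z = pow(peer_pub, my_priv, P)
    return z.to_bytes((P.bit_length() + 7) // 8, "big")

def session_key(z, nonce_a, nonce_b):
    """The static secret never changes, so nonces make each session key fresh."""
    return hmac.new(z, b"session" + nonce_a + nonce_b, hashlib.sha256).digest()

def confirm(key, role, nonce_a, nonce_b):
    """Key-confirmation tag; needs the private key matching the certified one."""
    return hmac.new(key, role + nonce_a + nonce_b, hashlib.sha256).digest()

def handshake(a_priv, b_pub_cert, b_priv, a_pub_cert):
    """Run both sides; True only if each side's confirmation tag verifies."""
    na, nb = secrets.token_bytes(16), secrets.token_bytes(16)
    ka = session_key(shared_secret(a_priv, b_pub_cert), na, nb)   # Alice's view
    kb = session_key(shared_secret(b_priv, a_pub_cert), na, nb)   # Bob's view
    tag_b, tag_a = confirm(kb, b"B", na, nb), confirm(ka, b"A", na, nb)
    return (hmac.compare_digest(tag_b, confirm(ka, b"B", na, nb)) and
            hmac.compare_digest(tag_a, confirm(kb, b"A", na, nb)))
```

No signature is exchanged during the handshake itself: the authentication rests entirely on the CA's signature over each static public key, which is why the peer's certified key and group parameters are checked before use.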

 
 
 

1. Removing DH/DSS signature on RSA key pair

I have two key pairs for my primary e-mail address (2048/1024-bit
DH/DSS and 1024-bit RSA), and one 1024-bit key for my secondary
e-mail address. All keys have been signed by all my other keys.

I have later seen postings saying I should not have signed my RSA
keys with my DH/DSS key, as this would prevent users of the RSA-only
versions of PGP from using my public RSA keys. I have a few questions
about the effect of revoking my DH/DSS signature on my RSA keys:

1: Will another person's DH/DSS signature on my RSA key cause the
same problems?

2: Will my RSA keys be restored to a "pure" RSA key if I revoke my
own DH/DSS signature on them?

3: Will a revoked DH/DSS signature* reduce the trust in the DH/DSS
key itself in the eyes of others?

Thanks, Lars Vindal

