On Thu, Sep 22, 2005 at 05:43:57PM +1200, Peter Gutmann wrote:
> nagydani(_at_)epointsystem(_dot_)org (Daniel A. Nagy) writes:
>
> > Now, there exists a cryptographic solution for this problem, moreover,
> > RFC2440 even hints that it might be implemented in OpenPGP, though I have
> > never seen it used: X9.42 Diffie-Hellman key agreement (see also RFC2630,
> > RFC2631 and RFC2633).
>
> X9.42 was only added to S/MIME for political reasons. AFAIK only one
> implementation ever supported it, and that was the USG-funded reference
> implementation that was required to support it. In addition, MS supported a
> read-only implementation just so they couldn't be accused of not supporting
> it.

What political reasons? And why is there a reserved ID in OpenPGP?

> (I remember having a conversation with a rather baffled security application
> developer who wanted to see X9.42 in an S/MIME toolkit and just couldn't
> understand that although the spec had it as a MUST requirement, all the
> implementors knew that you should ignore it).

X9.42 may be flawed (is it?), but DH key agreement is one of the strongest
primitives in asymmetric cryptography.

--
Daniel