ietf-openpgp

Re: Plausible deniability (a feature to think about)

2005-09-24 01:09:35

nagydani(_at_)epointsystem(_dot_)org (Daniel A. Nagy) writes:
> On Thu, Sep 22, 2005 at 05:43:57PM +1200, Peter Gutmann wrote:
> > X9.42 was only added to S/MIME for political reasons.  AFAIK only one
> > implementation ever supported it, and that was the USG-funded reference
> > implementation that was required to support it.  In addition, MS supported a
> > read-only implementation just so they couldn't be accused of not supporting
> > it.
>
> What political reasons?

For a brief period during the S/MIME development, RSA was still owned by
RSADSI while DH wasn't.  From "The Crypto Gardening Guide and Planting Tips",
http://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_guide.txt:

  An Internet standard RFC required that implementors support X9.42 DH key
  agreement, and provided RSA as an option (in IETF terms, "MUST X9.42, MAY
  RSA"). However, no existing software supported X9.42, no CAs would issue
  certificates for it, even if they did no-one wanted to renew all of their
  certificates ($$$) for an algorithm that provided no advantages over RSA,
  and no hardware (either crypto accelerators or smart cards) supported it
  (there was some token support after a few years, although even now there are
  problems being found with the X9.42 test vectors which indicate that no-one
  has really looked at them). As a result, even though the standard mandated
  use of X9.42, everyone treated it as if it said "MUST RSA, SHOULD NOT
  X9.42", pretending to do X9.42 while running business as usual with RSA.

> And why is there a reserved ID in OpenPGP?

OpenPGP has reserved IDs for all sorts of weird and wonderful stuff.  I guess
X9.42 is no exception.

Peter.