From: "Darren Harter" <dharter(_at_)classic(_dot_)msn(_dot_)com>
John,
We should also take care to ensure that DH derivatives that have
separate key-pairs (and thus certificates) for sending and receiving
are not ignored.
Darren Harter
dharter(_at_)msn(_dot_)com

Darren,
I'm not clear on what scenario you have in mind. DH long-term public
keys can be certified to allow the sender to authenticate the recipient,
but do not allow the recipient to authenticate the sender; for that a
certified signature key is required.
Can you describe the protocol/usage mode that requires two *certified*
DH public keys per entity, in addition to the certified signature key?
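The one-way authentication property John describes, as an added example that is not code from this thread. It runs static-ephemeral DH with key confirmation: the recipient holds a long-term (certifiable) DH key, the sender uses a fresh ephemeral key, and the recipient proves possession of its static private key with an HMAC under the derived key. The group (p = 2^521 - 1, g = 3), the HMAC confirmation step and all function names are assumptions chosen for a self-contained demo, not a vetted DH group or a protocol from any standard.

```python
import hashlib
import hmac
import secrets

# Toy group, assumption for this demo only: 2^521 - 1 is a Mersenne prime and
# 3 is used as generator without checking subgroup order. Do not reuse in
# real systems; a real deployment would use a standardized group.
P = 2**521 - 1
G = 3
CONFIRM_LABEL = b"recipient key confirmation"  # constructed label for the HMAC


def keygen():
    """Return (private, public) with private in [2, P-2]."""
    priv = 2 + secrets.randbelow(P - 3)
    return priv, pow(G, priv, P)


def derive_key(priv, peer_pub):
    """DH shared secret hashed down to a 32-byte session key."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes((P.bit_length() + 7) // 8, "big")).digest()


def sender_initiate(recipient_certified_pub):
    """Sender side: ephemeral key only. The session key is bound to the
    recipient's certified static key, so the sender can authenticate the
    recipient. Nothing here proves who the sender is."""
    eph_priv, eph_pub = keygen()
    return eph_pub, derive_key(eph_priv, recipient_certified_pub)


def recipient_respond(static_priv, eph_pub):
    """Recipient side: derive the key and return a confirmation MAC that only
    the holder of static_priv can produce. Note there is no sender identity
    to check; any ephemeral public value is accepted."""
    key = derive_key(static_priv, eph_pub)
    confirm = hmac.new(key, CONFIRM_LABEL, hashlib.sha256).digest()
    return key, confirm


def sender_verify(key, confirm):
    """Sender checks the confirmation against its own derived key."""
    expected = hmac.new(key, CONFIRM_LABEL, hashlib.sha256).digest()
    return hmac.compare_digest(confirm, expected)


def demo():
    # static_pub is the value a certificate would bind to the recipient's name
    static_priv, static_pub = keygen()

    # 1. Honest run: both sides derive the same key, confirmation verifies.
    eph_pub, k_sender = sender_initiate(static_pub)
    k_recv, confirm = recipient_respond(static_priv, eph_pub)

    # 2. Recipient authentication: a party without static_priv cannot produce
    #    a confirmation the sender accepts.
    wrong_priv, _ = keygen()
    _, bad_confirm = recipient_respond(wrong_priv, eph_pub)

    # 3. No sender authentication: a second, unrelated initiator completes the
    #    exchange just as successfully; the recipient's view is identical.
    eph_pub2, k_other_sender = sender_initiate(static_pub)
    k_recv2, _ = recipient_respond(static_priv, eph_pub2)

    return {
        "keys_agree": k_sender == k_recv,
        "genuine_recipient_confirmed": sender_verify(k_sender, confirm),
        "impostor_recipient_rejected": not sender_verify(k_sender, bad_confirm),
        "anonymous_sender_accepted": k_other_sender == k_recv2,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The last result is the point of John's question: a certified static DH key lets the sender pin the recipient, but the recipient cannot tell one initiator from another, which is why sender authentication needs a certified signature key (or a second certified static DH key on the sender's side, which is the mode Darren's note seems to point at).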