Dr Stephen Henson <shenson(_at_)drh-consultancy(_dot_)demon(_dot_)co(_dot_)uk>
writes:
In 12.6:
The key-encryption key is generated by the key agreement algorithm or
distributed as a mail list key. With key agreement, the minimum
number of bits needed to form the key-encryption key must be used.
As an example, only the first 40 bits of Diffie-Hellman generated
keying material are used for a RC2/40 key-encryption key.
This appears to be the "RC2 key length X/8" option. This adds the
restriction that X/8 must always be used in mixed DH+RSA messages though
just RSA need not be restricted to X/8. Or am I misinterpreting this?
You're right about this. Russ, I thought the plan here was to
use the Fixed-128 option.
-Ekr
--
[Eric Rescorla ekr(_at_)rtfm(_dot_)com]