Dr Stephen Henson <shenson(_at_)drh-consultancy(_dot_)demon(_dot_)co(_dot_)uk>
writes:
I originally put this forward as a throw away comment but since Burt
Kaliski seemed to like the idea (it was me that made the initial
suggestion: I think the quoting got messed up somewhere) I'll suggest it
again a bit more formally as a possible alternative.
The idea is very simple. Treat the mailing list key (MLK) exactly as if
it was a S-S DH shared secret ZZ. In particular a salt is mandatory and
the KEK is derived using X9.42.
I think this is a good idea. I second it.
-Ekr
--
[Eric Rescorla ekr(_at_)rtfm(_dot_)com]