[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Subject:  Diffie-Hellman

>Since there's no perceived value and since all the software would
>require license from RSADSI, it won't happen that way.

It was not my understanding that RSA held any patents, copyrights or other controls
over Diffie-Hellman key exchange.  The 'big-number' math required is not
difficult and is fully documented in Knuth's "The Art of Computer Programming",
vol2: Seminumerical Algorithms; section 4.3: Multiple Precision Arithmetic. 
Also note that this multiple precision code is available in the PGP source in
the file mpilib.c.

The exchanged key could easily be a DES (or other fast symmetric cypher) key --
and usually is.  Unless you want to perform an authenticated key exchange with
Diffie-Hellman as described in "Authentication and Authenticated Key Exchanges" [Diffie,
Van Oorschot and Wiener in "Designs, Codes and Cryptography", 2, 107-125 (1992)]
using certificates signed with the RSA algorithm, then RSA doesn't have to enter
the picture at all.

Is my understanding of RSAs controls incorrect?