William Allen Simpson (wsimpson@greendragon.com)
Wed, 31 Mar 99 00:46:50 GMT
Now that DNSSec, OpenPGP, and Photuris RFCs have been posted, I find
that it is time to update the public-key exchange information.

One of the "features" of Photuris introduced by the WG process is
passing a nonce encrypted in the public-key of the peer. It's a pretty
decent idea, although it complicates the exchange quite a bit. But,
major changes have occurred with regard to using DSA instead of RSA in
both DNSSec and OpenPGP.

After spending 3 days (it's been a long time since December 1995) on the
text, I thought some code would be good to promote/demonstrate
interoperability. This is likely to show up on OpenBSD first, and so
I've spent 4-5 hours today looking at their port of SSLeay. I don't see
how to do it, without re-writing the entire DSA module.

Am I just blind from the lack of up-to-date documentation? Is there a
better library for this sort of thing? Does anyone already have a code
fragment that does this?
WSimpson@UMich.edu
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32