Re: draft-ietf-dnsext-dnssec-gost

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Basil Dolmatov wrote:
> 
> Martin Rex пиÑ?еÑ?:
> >
> > I'm still quite confused.
> >
> > All references to GOST signature algorithms of the kind [GOST3410]
> > ought to be fixed to say [GOST3410-2001].
>    
> I think that can de done, despite the fact that there is no other 
> algorithm coded as GOST 3410, except GOST 34.10-2001.

Slightly OT:

There some more confusing aspect abouth GOST R34.10-xxxx

The math behind GOST bears some similarities with Diffie Helman (DH).

RFC-4357 describes "VKO GOST R34.10-94" and "VKO GOST R34.10-2001" 
under a section called "Key Derivation Algorithms", and defines
parameter sets for these algorithms.


To me, it looks like the GOST algorithms in RFC4357 would be better
described as "Key agreement" instead of "Key Derivation" algorithms
(consistent with the X.509v3 use of the terminology).
In detail, the key exchange algorithm for GOST in TLS seems to
significantly differ from DH key agreement.


What I don't understand is whether the deprecation applies to
GOST R34.10-1994 in general, or only to GOST R34.10-1994 as a
signature algorithm.


I am somewhat illiterate to crypto math, so I'm wondering whether
it is technicall possible to use a GOST R34.10-1994 key agreement
(ephemeral keys) in conjunction with GOST R34.10-2001 certs&signatures,
and if yes -- whether that is still permitted by russian authorities.



-Martin
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]