
Eh? No, as I've been saying, you can produce a very strong hybrid in which both Diffie-Hellman and RSA each play an important part. Diffie-Hellman generates the session keys, while RSA signs them.
Does anybody *know* how existing secure phones do authentication? I'm familiar with the AT&T 3600, but I was wondering about a STU-III, perhaps a Motorola SECTEL-1500, or equivalent Cylink. I assume that they use Diffie-Hellman to exchange session keys, but what public/private key info is stored in the phones (if any), and how do you load it in? Do you contact some kind of certifying authority to download key info? Is it stored in some kind of NVRAM, or EEPROM? How many keys will the phone store? I assume, given the presence of a "zeroize" button, that something useful is stored in the phone. Also, what is the "cryptographic ignition key"? Is it some kind of FLASH or EEPROM? What's on it? The key pair?

Thanks,
Eric Blossom
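
The hybrid described in the first paragraph, as an added example that is not part of the original post: each side signs its ephemeral Diffie-Hellman value with a long-term RSA key, and the peer derives the session key only if that signature verifies. The Mersenne-prime parameters, the unpadded RSA and all function names are constructed for illustration and are far too small for real use.

```python
import hashlib
import secrets

# Constructed toy parameters: small enough to run instantly with the
# standard library, far too small (and unpadded) for real deployments.
DH_P = 2**127 - 1      # Mersenne prime used as the Diffie-Hellman modulus
DH_G = 3
RSA_E = 65537

def rsa_keypair(p, q):
    """Return (n, d) for textbook RSA over two given primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, pow(RSA_E, -1, phi)

def _digest(value, n):
    # Hash the DH public value and reduce it into the RSA modulus.
    data = value.to_bytes(16, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(value, n, d):
    return pow(_digest(value, n), d, n)

def verify(value, sig, n):
    return pow(sig, RSA_E, n) == _digest(value, n)

def dh_offer(n, d):
    """Pick an ephemeral exponent; return (secret, public, signature)."""
    x = secrets.randbelow(DH_P - 3) + 2
    pub = pow(DH_G, x, DH_P)
    return x, pub, sign(pub, n, d)

def session_key(my_secret, peer_pub, peer_sig, peer_n):
    """Derive the session key only if the peer's DH value is signed."""
    if not verify(peer_pub, peer_sig, peer_n):
        raise ValueError("peer DH value failed signature check")
    shared = pow(peer_pub, my_secret, DH_P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

if __name__ == "__main__":
    a_n, a_d = rsa_keypair(2**61 - 1, 2**89 - 1)
    b_n, b_d = rsa_keypair(2**107 - 1, 2**31 - 1)
    a_x, a_pub, a_sig = dh_offer(a_n, a_d)
    b_x, b_pub, b_sig = dh_offer(b_n, b_d)
    print(session_key(a_x, b_pub, b_sig, b_n) == session_key(b_x, a_pub, a_sig, a_n))
```

A Diffie-Hellman value swapped in transit no longer matches the RSA signature, so `session_key` raises instead of agreeing on a key with the interceptor.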