Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Sep 3 04:59:11 PDT 2015

One saving grace about RFC 2631 was that it was pretty much universally
ignored for the reason that it was, well, a pretty stupid way to do things, so
the number of affected implementations would be approximately zero.

(I only know of one, rather minor, vendor who implemented it.  Microsoft
implemented it in receive-only mode solely so that they couldn't be accused of
being non-standards-compliant, but I'd be very surprised if there was anything
still around that supported it.  For starters you'd need to be able to find a
CA that could issue you a DH certificate...).


More information about the cypherpunks mailing list