From owner-freebsd-security  Mon Feb 27 09:30:20 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id JAA29716 for security-outgoing; Mon, 27 Feb 1995 09:30:20 -0800
Received: from precipice.Shockwave.COM (precipice.shockwave.com [171.69.108.33]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id JAA29710; Mon, 27 Feb 1995 09:30:19 -0800
Received: from localhost (localhost [127.0.0.1]) by precipice.Shockwave.COM (8.6.10/8.6.9) with SMTP id JAA03786; Mon, 27 Feb 1995 09:28:51 -0800
Message-Id: <199502271728.JAA03786@precipice.Shockwave.COM>
To: "Charles M. Hannum" <mycroft@ai.mit.edu>
cc: hackers@freefall.cdrom.com, security@freefall.cdrom.com
Subject: Re: key exchange for rlogin/telnet services? 
In-reply-to: Your message of "Mon, 27 Feb 1995 05:57:15 EST."
             <199502271057.FAA07849@duality.gnu.ai.mit.edu> 
Date: Mon, 27 Feb 1995 09:28:51 -0800
From: Paul Traina <pst@Shockwave.COM>
Sender: security-owner@FreeBSD.org
Precedence: bulk

Hence the disclaimer in front... can you go any further than "take this with
3 grains of salt?"

I'll go dig out my copy of applied crypto and see where I went wrong, but
I was almost positive you needed to use RSA to bootstrap the initial
secret exchange.

Thanks for the correction,  no thanks for the verbage attached.

  From: "Charles M. Hannum" <mycroft@ai.mit.edu>
  Subject: Re: key exchange for rlogin/telnet services? 
  
     (take this with 3 grains of salt, I am not an expert in D-H) but
     the base technology requires use of RSA [...]
  
  Diffie-Hellman key exchange has no relation to RSA public key
  encryption.
  
  It's very irresponsible to comment on security and/or legal matters
  without knowing what you're talking about.