iSCSI: DH-CHAP and SRP groups

To: ips@ece.cmu.edu
Subject: iSCSI: DH-CHAP and SRP groups
From: Paul Koning <ni1d@arrl.net>
Date: Tue, 16 Apr 2002 16:34:36 -0400
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Sender: owner-ips@ece.cmu.edu

I sent this earlier (April 10) as part of the note "DH-CHAP initial
comments" but have seen no reaction, so let me try again...

Section 9 raises the open issue of chosing the D-H group(s), which is
also open for SRP.  It seems to me the same solution can be applied to
both, which is to adopt the groups already adopted (and verified to
have the right mathematical properties) for IKE.  In particular,
"Group 1" would serve, and, if people insist on a bigger one, "Group
2".  I don't see a strong reason to include any of the larger groups
which have been proposed in the context of IKE and AES.

This could be done by removing the N and g keys from SRP and DHCHAP,
and replacing them by a single "group ID" key whose value is that of
the group ID taken from RFC 2409.

Is there any reason why the D-H groups used in IKE would not also be
suitable for DH-CHAP?  For SRP?

	 paul

Follow-Ups:
- Re: iSCSI: DH-CHAP and SRP groups
  - From: Tom Wu <tom@arcot.com>

Prev by Date: FC Frame Encapsulation ready for next step
Next by Date: RE: iSCSI: possible DH-CHAP rationale
Prev by thread: FC Frame Encapsulation ready for next step
Next by thread: Re: iSCSI: DH-CHAP and SRP groups
Index(es):
- Date
- Thread

Home

Last updated: Wed Apr 17 03:18:23 2002
9694 messages in chronological order