|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] iSCSI: DH-CHAP and SRP groupsI sent this earlier (April 10) as part of the note "DH-CHAP initial comments" but have seen no reaction, so let me try again... Section 9 raises the open issue of chosing the D-H group(s), which is also open for SRP. It seems to me the same solution can be applied to both, which is to adopt the groups already adopted (and verified to have the right mathematical properties) for IKE. In particular, "Group 1" would serve, and, if people insist on a bigger one, "Group 2". I don't see a strong reason to include any of the larger groups which have been proposed in the context of IKE and AES. This could be done by removing the N and g keys from SRP and DHCHAP, and replacing them by a single "group ID" key whose value is that of the group ID taken from RFC 2409. Is there any reason why the D-H groups used in IKE would not also be suitable for DH-CHAP? For SRP? paul
Home Last updated: Wed Apr 17 03:18:23 2002 9694 messages in chronological order |