RE: IPS security draft: SRP groups

[Black_David@emc.com]

Missed this earlier, sorry ...

> Ok.  I didn't know that but I probably would have learned it if I had
> done the necessary reading about groups and generators.  But the point
> of my question wasn't "is it possible to compute g" but rather "how
> about supplying g in the spec" (since the g=2 from IKE is not
> appropriate).   It seems a bit redundant for everyone to repeat the
> search for a suitable g...
>
> So what's the story about unlisted groups?  Is an implementation that
> accepts only the groups listed in appendix A, but not any "locally
> generated" ones, a compliant implementation?
> 
Yes - accepting those groups and only those groups is the minimum
(MUST) requirement.  If the IKE groups are to remain allowed, we
need to specify generators for their use with SRP - please consider
this to be a serious *PLEA* for someone to volunteer to do the
crpto-theoretic number crunching needed to find SRP generators for
those groups and/or prove the primality of the SRP primes.  Lack of
progress here has the potential to hold up the security draft on
which *all* of our protocol drafts depend (normative references).
We can promise at least 30 minutes of fame (*twice* the proverbial
15 ;-) ) to those who resolve this issue ...

Thanks,
--David
---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 249-6449            FAX: +1 (508) 497-8018
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------