|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: IPS security draft: SRP groupsMissed this earlier, sorry ... > Ok. I didn't know that but I probably would have learned it if I had > done the necessary reading about groups and generators. But the point > of my question wasn't "is it possible to compute g" but rather "how > about supplying g in the spec" (since the g=2 from IKE is not > appropriate). It seems a bit redundant for everyone to repeat the > search for a suitable g... > > So what's the story about unlisted groups? Is an implementation that > accepts only the groups listed in appendix A, but not any "locally > generated" ones, a compliant implementation? > Yes - accepting those groups and only those groups is the minimum (MUST) requirement. If the IKE groups are to remain allowed, we need to specify generators for their use with SRP - please consider this to be a serious *PLEA* for someone to volunteer to do the crpto-theoretic number crunching needed to find SRP generators for those groups and/or prove the primality of the SRP primes. Lack of progress here has the potential to hold up the security draft on which *all* of our protocol drafts depend (normative references). We can promise at least 30 minutes of fame (*twice* the proverbial 15 ;-) ) to those who resolve this issue ... Thanks, --David --------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 42 South St., Hopkinton, MA 01748 +1 (508) 249-6449 FAX: +1 (508) 497-8018 black_david@emc.com Mobile: +1 (978) 394-7754 ---------------------------------------------------
Home Last updated: Mon Jul 08 01:18:51 2002 11167 messages in chronological order |