|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: IPS security draft: SRP groups (resend)Hi David, Sounds good, but I don't understand the motivation to use any primes other than those from IKE when we know those primes are certifiable and that a generator suitable for SRP can be easily and deterministically determined. Is there value in giving the user multiple choices for primes of a given size? Vince |-----Original Message----- |From: Black_David@emc.com [mailto:Black_David@emc.com] |Sent: Monday, July 15, 2002 4:25 PM |To: vince_cavanna@agilent.com; ips@ece.cmu.edu |Subject: RE: IPS security draft: SRP groups (resend) | | |Vince, | |> If we cannot prove the primality of our chosen moduli I |> thought why not use moduli, such as the well known groups |> from RFC 2412, whose primality has been proven. Tom Wu told |> me that would not be a problem provided we found generators |> other than 2 (the generator that is given in RFC 2412), |> because 2 in not useful (for these moduli) in SRP (I don't |> know why such is the case). | |Tom's already posed the required generators for the IKE groups |to the list. In addition, Tero Kivinen was in the process of |proving the primality of Tom's SRP primes last night. With |luck we'll have a post to the list with pointers to the proof |certificates soon. | |Thanks, |--David |--------------------------------------------------- |David L. Black, Senior Technologist |EMC Corporation, 42 South St., Hopkinton, MA 01748 |+1 (508) 249-6449 FAX: +1 (508) 497-8018 |black_david@emc.com Mobile: +1 (978) 394-7754 |--------------------------------------------------- |
Home Last updated: Mon Jul 15 23:18:50 2002 11333 messages in chronological order |