SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: IPS security draft: SRP groups (resend)



    Hi David,
    Sounds good, but I don't understand the motivation to use any primes other than those from IKE when we know those primes are certifiable and that a generator suitable for SRP can be easily and deterministically determined. Is there value in giving the user multiple choices for primes of a given size?
    Vince 
    
    |-----Original Message-----
    |From: Black_David@emc.com [mailto:Black_David@emc.com]
    |Sent: Monday, July 15, 2002 4:25 PM
    |To: vince_cavanna@agilent.com; ips@ece.cmu.edu
    |Subject: RE: IPS security draft: SRP groups (resend)
    |
    |
    |Vince,
    |
    |> If we cannot prove the primality of our chosen moduli I 
    |> thought why not use moduli, such as the well known groups 
    |> from RFC 2412, whose primality has been proven. Tom Wu told 
    |> me that would not be a problem provided we found generators 
    |> other than 2 (the generator that is given in RFC 2412), 
    |> because 2 in not useful (for these moduli) in SRP (I don't 
    |> know why such is the case).
    |
    |Tom's already posed the required generators for the IKE groups
    |to the list.  In addition, Tero Kivinen was in the process of
    |proving the primality of Tom's SRP primes last night.  With
    |luck we'll have a post to the list with pointers to the proof
    |certificates soon.
    |
    |Thanks,
    |--David
    |---------------------------------------------------
    |David L. Black, Senior Technologist
    |EMC Corporation, 42 South St., Hopkinton, MA  01748
    |+1 (508) 249-6449            FAX: +1 (508) 497-8018
    |black_david@emc.com       Mobile: +1 (978) 394-7754
    |---------------------------------------------------
    |
    


Home

Last updated: Mon Jul 15 23:18:50 2002
11333 messages in chronological order