IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: additional core draft nits in need of WG attention.



Bill Sommerfeld <sommerfeld%east.sun.com@localhost> writes:

> > >13.  Section 6.1.  There is only one Oakley group defined, and it has an
> > >equivalent strength of 80-bit symmetric encryption. There should be
> > >additional Oakley groups that offer strength commensurate with the other
> > >recommendations in the document. The document should explicitly reference
> > >RFC 3526, and make use of group 14 (2048 bits).
> 
> Any opinions here?  "Use dh-group-exchange if you're paranoid".

I'd say we should just add the group. The security concerns addressed
are different than for dh-group-exchange, and it's a lot simpler. I
think there were at least a few people in the group that argued for
this addition already when dh-group-exchange was proposed.

/Niels



Home | Main Index | Thread Index | Old Index