IETF-SSH archive
Re: Comments on DH-GEX draft
> In any case, the new-gex format is at best completely redundant and at
> worst misleading, since the message format implies some sort of choice while
> the text says the server can do anything it feels like:
>
> Servers and clients SHOULD support groups with a modulus
> length of k bits, where 1024 <= k <= 8192. The recommended
> values for min and max are 1024 and 8192 respectively.
>
> which is synonymous with "you can use any (safe) key size you feel
> like".
No, this is a recommendation on implementation capability, not a
recommendation to ignore the client's min and max values.

Page 3 says:

   1. C sends "min || n || max" to S, indicating the minimal acceptable
      group size, the preferred size of the group and the maximal
      group size in bits the client will accept.

   2. S finds a group that best matches the client's request, and
      sends "p || g" to C.

Would you like a clarification here?

   The group selected MUST be within the bounds preferred by the
   client; if no such group is available, the server should
   fail this key exchange, allowing a fallback to a secondary key
   exchange.

- Bill
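
The rule discussed in the message above, as an added example that is not part of the original message, the draft, or any SSH implementation: the server picks a group size only from inside the client's "min || n || max" and fails the exchange otherwise, and the client checks the size of the modulus it receives. The function names and the "best match" tie-break are assumptions, since the quoted text does not define them.

```python
# Added illustration; names and the tie-break policy are assumptions.

class NoAcceptableGroup(Exception):
    """No server group lies inside the client's [min, max]: fail this kex."""


def select_group_size(available_bits, cmin, n, cmax):
    """Server side: pick a modulus size for the client's min || n || max."""
    if not cmin <= n <= cmax:
        raise ValueError("malformed request: need min <= n <= max")
    in_bounds = [k for k in available_bits if cmin <= k <= cmax]
    if not in_bounds:
        # Per the proposed clarification: never substitute an out-of-range
        # group; fail so the peers can fall back to a secondary key exchange.
        raise NoAcceptableGroup(f"no group in [{cmin}, {cmax}] bits")
    # Assumed policy: smallest size >= n, else the largest size below n.
    at_least_n = [k for k in in_bounds if k >= n]
    return min(at_least_n) if at_least_n else max(in_bounds)


def client_accepts(p, cmin, cmax):
    """Client side: reject a modulus whose size is outside the request."""
    return cmin <= p.bit_length() <= cmax


def fake_modulus(bits):
    """Constructed stand-in with the right bit length; NOT a safe prime."""
    return (1 << (bits - 1)) | 1


if __name__ == "__main__":
    server_groups = [1024, 2048, 4096]  # constructed sample set
    print(select_group_size(server_groups, 1024, 2048, 8192))
    print(client_accepts(fake_modulus(1024), 2048, 8192))
    try:
        select_group_size([1024], 2048, 2048, 4096)
    except NoAcceptableGroup as exc:
        print("kex failed:", exc)
```
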