IETF-SSH archive


Re: Comments on DH-GEX draft



Bill Sommerfeld <sommerfeld%east.sun.com@localhost> writes:

>> (I realise it's too late now, but the real problem is that the client is
>>  expected to guess at a parameter that only the server knows, with the
>>  solution being that the server advise the client what to do in advance.  Want
>>  me to throw together a one-page informational draft documenting the
>>  "xxx-1024-xxx,xxx-2048-xxx"-style algorithm options?).
>
>What sort of client-side policy do you have in mind other than "pick a group
>at least as large as X and less than Y"?

D'you mean in relation to the client seeing "xxx-1024-xxx,xxx-2048-xxx" from
the server?  The server's saying:

  I can definitely guarantee to provide you with keys of size X, Y, or Z.  I
  cannot guarantee to provide you with a key of some other size if you ask for
  it.

In other words it's "If you choose not to go with the server's recommendation
then the server will give you the closest match based on the DH-GEX rules,
which may not yield the key type you're after".  It's fully backwards-
compatible with the existing way of doing things, all the server is doing is
allowing the client to make an informed decision, rather than requiring it to
take pot-shots at an appropriate key size and either drop the connection and
restart the handshake or have to make do with whatever it gets back.

If there are no objections to this I can crank out a draft, it's only half a
page of text (excluding boilerplate) and a handful of lines of code to change
to implement it.

Peter.
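
The client-side decision described in the message above, sketched as an added example that is not part of the original post, the proposed draft, or any SSH implementation. It assumes the server's KEXINIT name-list carries size-annotated names in the post's placeholder form "xxx-<bits>-xxx" and that client policy is a (min, preferred, max) triple as in a DH-GEX request; the function names and sample name-lists are hypothetical.

```python
import re

# Hypothetical pattern following the post's placeholder form "xxx-1024-xxx".
# No real SSH algorithm name is assumed to look like this.
SIZED_NAME = re.compile(r"^[a-z0-9]+-(\d+)-[a-z0-9]+$")


def advertised_sizes(name_list):
    """Map group size in bits -> algorithm name, from a comma-separated
    KEXINIT name-list. Names without a size field are ignored."""
    sizes = {}
    for name in name_list.split(","):
        name = name.strip()
        m = SIZED_NAME.match(name)
        if m:
            # Keep the first occurrence: name-lists are in preference order.
            sizes.setdefault(int(m.group(1)), name)
    return sizes


def choose_group(name_list, min_bits, preferred_bits, max_bits):
    """Pick a size the server has guaranteed, if one fits client policy.

    Returns ("advertised", name, bits) when a guaranteed size lies within
    [min_bits, max_bits], otherwise ("gex-request", None, (min, n, max)),
    i.e. the existing behaviour where the server returns its closest match.
    """
    if not min_bits <= preferred_bits <= max_bits:
        raise ValueError("policy must satisfy min <= preferred <= max")
    sizes = advertised_sizes(name_list)
    in_policy = [b for b in sizes if min_bits <= b <= max_bits]
    if in_policy:
        # Closest to the preferred size; on a tie, take the larger group.
        bits = min(in_policy, key=lambda b: (abs(b - preferred_bits), -b))
        return ("advertised", sizes[bits], bits)
    # Nothing guaranteed fits policy: fall back to a plain DH-GEX request.
    return ("gex-request", None, (min_bits, preferred_bits, max_bits))


if __name__ == "__main__":
    # Constructed sample name-list, using the post's placeholder names.
    offer = "xxx-1024-xxx,xxx-2048-xxx"
    print(choose_group(offer, 2048, 3072, 8192))
    print(choose_group(offer, 3072, 4096, 8192))
```

A client whose minimum exceeds every advertised size learns that before sending the request, instead of discovering it from the group the server returns.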


