Re: New IDs

To: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Subject: Re: New IDs
From: nisse%lysator.liu.se@localhost (Niels Möller)
Date: 24 May 2004 23:37:55 +0200

Jeffrey Hutzelman <jhutz%cmu.edu@localhost> writes:

> > The right way to change would be to recommend the use of DH-GEX or
> > adopt Peter Gutmann's "diffie-hellman-groupN-sha1" proposal to make
> > a "diffie-hellman-group14-sha1" (though I'd prefer a shorter name,
> > while we are making changes).
> 
> I was under the impression that we had already been over this issue,
> and that we were going to recommend implementation of DH-GEX, and that
> that satisfied the IESG's concern.

I think it would make a lot of sense to add one or two larger fixed
groups, besides DH-GEX. Main argument is that it's simpler (=> less
opportunity for implementation bugs, which is important for any
security protocol) than DH-GEX. The choice between a large fix group
and DH-GEX depends on what you think is most dangerous: Expensive
discrete log table attacks on a fix group, or additional protocol
complexity.

(This is the same position as I had last time this was discussed. I
don't remember if there were ever was a consencus).

Regards,
/Niels

Follow-Ups:
- Newer IDs
  - From: Chris Lonvick

References:
- I-D ACTION:draft-ietf-secsh-userauth-19.txt
  - From: Internet-Drafts
- Re: I-D ACTION:draft-ietf-secsh-userauth-19.txt
  - From: der Mouse
- New IDs
  - From: Chris Lonvick
- Re: New IDs
  - From: Damien Miller
- Re: New IDs
  - From: Jeffrey Hutzelman

Prev by Date: Re: New IDs
Next by Date: Re: New IDs
Previous by Thread: Re: New IDs
Next by Thread: Newer IDs
Indexes:

Home | Main Index | Thread Index | Old Index