IETF-SSH archive


Re: New IDs



Jeffrey Hutzelman <jhutz%cmu.edu@localhost> writes:

> > The right way to change would be to recommend the use of DH-GEX or
> > adopt Peter Gutmann's "diffie-hellman-groupN-sha1" proposal to make
> > a "diffie-hellman-group14-sha1" (though I'd prefer a shorter name,
> > while we are making changes).
> 
> I was under the impression that we had already been over this issue,
> and that we were going to recommend implementation of DH-GEX, and that
> that satisfied the IESG's concern.

I think it would make a lot of sense to add one or two larger fixed
groups, besides DH-GEX. The main argument is that it's simpler (=> less
opportunity for implementation bugs, which is important for any
security protocol) than DH-GEX. The choice between a large fixed group
and DH-GEX depends on what you think is most dangerous: Expensive
discrete log table attacks on a fixed group, or additional protocol
complexity.

(This is the same position as I had last time this was discussed. I
don't remember if there ever was a consensus).

Regards,
/Niels


