IETF-SSH archive


Re: [psg.com #460] IESG - Transport - Oakley



> As for larger groups, we have three choices:

>  - specify diffie-hellman-group14-sha1 and make it MANDATORY to implement
>  - make diffie-hellman-group-exchange-sha1 MANDATORY to implement
>  - both of the above

As an implementor, I would argue for the first of these.  Getting
diffie-hellman-group-exchange-sha1 right is a good deal more
complicated than simply using another fixed group.

Of course, as a security geek, I argue for the second, or perhaps the
third, since g-ex-sha1 is stronger than g14-sha1 just on general
principles (because the putative attacker knows less a priori) - at
least if the size parameters are suitable.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse%rodents.montreal.qc.ca@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
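
The following is an added example, not part of the original message or the author's code: it contrasts the two options discussed above by deriving the fixed group14 prime from its RFC 3526 formula and by showing the vetting a client has to do on a peer-supplied group in group exchange. The function names, error labels and the choice of checks (size window, safe-prime test, generator range) are assumptions made for illustration.

```python
import secrets

def arctan_inv(x, scale):
    """Approximate scale * arctan(1/x) with an integer Taylor series."""
    total = term = scale // x
    k, sign = 1, -1
    while term:
        term //= x * x
        total += sign * (term // (2 * k + 1))
        k, sign = k + 1, -sign
    return total

# Fixed group: the group14 prime needs no negotiation and no runtime checks.
# RFC 3526: p = 2^2048 - 2^1984 - 1 + 2^64 * (floor(2^1918 * pi) + 124476)
_S = 1 << (1918 + 64)  # 64 guard bits absorb series truncation error
_PI = (16 * arctan_inv(5, _S) - 4 * arctan_inv(239, _S)) >> 64  # Machin
GROUP14_P = 2**2048 - 2**1984 - 1 + 2**64 * (_PI + 124476)

def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases (fixed bases can be gamed by the peer)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def check_gex_group(p, g, min_bits, max_bits):
    """Group exchange: p and g come from the peer, so the client vets them."""
    errors = []
    if not min_bits <= p.bit_length() <= max_bits:
        errors.append("size")
    if not is_probable_prime(p):
        errors.append("not-prime")
    elif not is_probable_prime((p - 1) // 2):
        errors.append("not-safe-prime")
    if not 1 < g < p - 1:
        errors.append("generator")
    return errors
```

An empty list from check_gex_group means the offered group passed every check; with a fixed group none of this runs at connection time.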


