IETF-SSH archive


Re: [psg.com #460] IESG - Transport - Oakley



der Mouse <mouse%Rodents.Montreal.QC.CA@localhost> writes:

> > As for larger groups, we have three choices:
> 
> >  - specify diffie-hellman-group14-sha1 and make it MANDATORY to implement
> >  - make diffie-hellman-group-exchange-sha1 MANDATORY to implement
> >  - both of the above
> 
> As an implementor, I would argue for the first of these.  Getting
> diffie-hellman-group-exchange-sha1 right is a good deal more
> complicated than simply using another fixed group.

I also argue this way. If we need to change anything at all at this
stage (and it seems the IESG has a valid concern), then I think we
should do it the simple way and get it over with.

Mandating one more fixed group, diffie-hellman-group14-sha1, is a simple
change to the spec, and a 20-line change to update an implementation.

Is it still appropriate to use sha1 (rather than sha256) with group
14? Staying with sha1 has the advantage that it reduces the number of
cryptographic algorithms that must be included in a minimalistic
implementation of the protocol.

Regards,
/Niels


