On Tuesday, June 15, 2004 18:04:50 +0200 Niels Möller <nisse%lysator.liu.se@localhost> wrote:
Jeffrey Hutzelman <jhutz%cmu.edu@localhost> writes:If we make "groupN" a parameter, the text changes somewhat: "For any N>2, if RFC2412 or its successors define Oakley group N as a MODP group, then diffie-hellman-groupN-FOO specifies Diffie-HellmanAs far as I'm aware, the requirement above that a group is of the "modp" kind is unnecessary. Not that I'm planning to implementing any more fancy groups (like EC, discussed some weeks ago) anytime soon, but SSH diffie-hellman exchange should work fine with any group where the DH-problem is hard. For groups where it's not obvious how to represent an element as a single bignum, the mapping from group elements to byte strings would also have to be specified somewhere, of course.
Sure; there's certainly no reason other groups wouldn't work. But as you note, the wire representation of group elements would have to be defined for those groups where they're not single integers, including EC groups. In addition, the method description in section 8 embeds the MODP group operation; for this method to be well-defined with other groups, the description would have to be generalized.
Really, I don't expect there will be any new ECP or EC2N Oakley groups. But the existing groups 3 and 4 are both EC2N groups, and I didn't want to give anyone ideas about trying to use these groups when the protocol is not well-defined for them.
-- Jeff