On Wednesday, August 25, 2004 10:58:26 -0700 Chris Lonvick <clonvick%cisco.com@localhost> wrote:
It appears that there is some consensus about going back to our own namespce " diffie-hellman-groupN-sha1 " We have defined N=1 and N=2 so we could propose to the IANA that new ones - be created via the consensus method - N monotonically increases - once assigned, N must not be reused - future assignments not using DH and/or SHA1 may have entirely different formats. This will remove the proposal for the use of diffie-hellman-group14-sha1
(1) I don't see a need for a sub-registry. There is a registry of key exchange method names; that is all that is required. Saying "use these group numbers defined over here" made sense when the intent was to normalize our naming to reflect another existing registry. If we're not going to do that, than no more needs to be said.
(2) I still think it is a bad idea to continue the practice of using phrases like "group N" to mean completely different groups than the rest of the community means when they say "group N". I wonder how many times various members of this WG are going to have to explain that no, the group size is not inadequate, because by "group 2" we mean not the 1024-bit MODP group that everyone else means when they say "group 2", but instead a 2048-bit MODP group, which in the rest of the world is known as "group 14".
There is value in using the same names as other people. There is value in using them to mean the same things. Doing so is fundamental to successful communication.BTW, I seem to recall someone asking about how these group moduli were selected, and asking for a reference. The appropriate reference is RFC2412, appendix E, in which the original 5 well-known Oakley groups are defined. The appendix describes the algorithm in some detail, such that one could repeat the process and get the same values, or apply it to generate larger groups of arbitrary size. It also explains why that particular algorithm was chosen.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+%cmu.edu@localhost> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA