IETF-SSH archive


Re: [TLS] MODP group modulus derivation [was: Re: I can has SHA-1 hashes for RFC 2409/3526 MODP groups?]



On Wed, 2014-03-12 at 00:25 +0000, Peter Gutmann wrote:

> This is from an early Oakley draft draft-ietf-ipsec-isakmp-oakley-03.txt that
> references another Oakley draft draft-ietf-ipsec-oakley-01.txt which, however,
> doesn't actually contain the text quoted above.  So I guess the reference
> would be [Citation needed ^ 2] or [Apocryphal ^ 2].

Actually, that text _does_ appear in RFC2412, in the introduction to
appendix E, where the first five well-known groups are defined.  The
groups defined in RFC3526 have the same structure, but while that
document does make reference to RFC2412, it does not actually claim the
same method was used to select them.  This should be relatively easy to
verify, however.

The MODP groups given in RFC5114 are taken from DSS and NIST SP-800-56A,
and do not have this same structure.  The RFC has nothing to say on how
they were selected, and my recollection from the last time I looked was
that the NIST publications don't say anything either.

-- Jeff
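
Added example, not part of the original message: a Python check of the structure discussed above, rebuilding each prime from pi and testing that it is a safe prime with the top and bottom 64 bits set. The formula and the (n, k) pairs are taken from RFC 2412 Appendix E and RFC 3526 rather than from this page; the function names are illustrative.

```python
import random

# Constructed input: modulus size n -> offset k, as printed in RFC 2412
# Appendix E (768, 1024) and RFC 3526 (1536, 2048). Not from this page.
GROUPS = {768: 149686, 1024: 129093, 1536: 741804, 2048: 124476}

def pi_scaled(bits, guard=64):
    """Return floor(pi * 2**bits), via Machin's formula on integers."""
    one = 1 << (bits + guard)          # guard bits absorb truncation error
    def arctan_inv(x):                 # arctan(1/x) scaled by `one`
        total = term = one // x
        n, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total
    return (4 * (4 * arctan_inv(5) - arctan_inv(239))) >> guard

def modp_prime(n, k):
    """p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + k)."""
    return 2**n - 2**(n - 64) - 1 + 2**64 * (pi_scaled(n - 130) + k)

def is_probable_prime(n, rounds=16):
    """Miller-Rabin; fixed seed so repeated runs give the same answer."""
    if n < 5 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    rng = random.Random(0)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False               # witness found: composite
    return True

def check_structure(n, k):
    """Rebuild the n-bit modulus and report the properties it should have."""
    p, mask = modp_prime(n, k), 2**64 - 1
    return {"bits": p.bit_length(), "head": ("%x" % p)[:32],
            "high64_ones": p >> (n - 64) == mask, "low64_ones": p & mask == mask,
            "safe_prime": is_probable_prime(p) and is_probable_prime((p - 1) // 2)}

if __name__ == "__main__":
    for n, k in GROUPS.items():
        print(n, check_structure(n, k))
```

Comparing `modp_prime(n, k)` against the hex modulus printed in the relevant RFC completes the check for a given group.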



