Opened 16 years ago

Closed 15 years ago

#35 closed clarification (fixed)

Clarify DH calculations

Reported by: pasi.eronen@… Owned by:
Priority: minor Milestone: DISCUSS
Component: draft-ietf-tls-rfc4346-bis Version: 02
Severity: Keywords:
Cc:

Description

http://www1.ietf.org/mail-archive/web/tls/current/msg01115.html

IMHO it probably would make sense for a TLS implementation
to use one of the groups specified in RFC 4306 or 3526,
instead of e.g.  generating a random prime p (generating
random primes is kind of slow, and then you have to worry
about RFC 2785 etc.).

(Would others agree with this recommendation? Should we add
it to the TLS 1.2 spec?)

http://www1.ietf.org/mail-archive/web/tls/current/msg01116.html

Just one group? Or allow choosing the group like in IKE?
<snip>
Makes perfect sense to me!

http://www1.ietf.org/mail-archive/web/tls/current/msg01121.html

Should we recommend using larger moduli in the Diffie-Hellman
key exchange methods?  And should we encourage checking the
size of the ServerDHParams.p when acting as a client to make
sure it is not too small?

Change History (3)

comment:1 Changed 15 years ago by ekr@…

  • Milestone set to Maybe never

comment:2 Changed 15 years ago by ekr@…

I'd prefer not to get into this in the TLS spec. If someone wants to write a general "these are good DH parameters" that's fine but I don't think this is TLS-specific.

comment:3 Changed 15 years ago by ekr@…

  • Resolution set to fixed
  • Status changed from new to closed

I think this got settled or at least everyone got worn out on the TLS ML.

Note: See TracTickets for help on using tickets.