[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Another pothole in ISAKMP/Oakley

To: ipsec@tis.com, carrel@ipsec.org, dharkins@cisco.com, ho@earth.hpc.org
Subject: Another pothole in ISAKMP/Oakley
From: "David P. Jablon" <dpj@world.std.com>
Date: Tue, 15 Apr 1997 16:07:49 -0400
In-Reply-To: <199704151350.JAA26384@earth.hpc.org>
References: <Yourmessage <199704150414.VAA27630@baskerville.CS.Arizona.EDU>
Sender: owner-ipsec@ex.tis.com

Another pothole of note in ISAKMP is Diffie-Hellman
small-subgroup confinement.

Although ISAKMP refers to X9.42, which I believe will
have a description of how to avoid the problem, it
should also probably be mentioned in some IETF document
relevant to DH in ISAKMP.  There are just too many published
descriptions of DH that fail to mention the problem, so that
there's a good chance of trapping an unwary implementor.

-- David

Follow-Ups:

Re: Another pothole in ISAKMP/Oakley

From: Daniel Harkins <dharkins@cisco.com>

References:

Re: A pothole in ISAKMP/Oakley

From: ho@earth.hpc.org (Hilarie Orman)

Prev by Date: Re: A pothole in ISAKMP/Oakley
Next by Date: Re: A pothole in ISAKMP/Oakley
Prev by thread: Re: A pothole in ISAKMP/Oakley
Next by thread: Re: Another pothole in ISAKMP/Oakley
Index(es):
- Main
- Thread