[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Another pothole in ISAKMP/Oakley



  David,

  Is this really a pothole in ISAKMP/Oakley?

> Another pothole of note in ISAKMP is Diffie-Hellman
> small-subgroup confinement.
> 
> Although ISAKMP refers to X9.42, which I believe will
> have a description of how to avoid the problem, it
> should also probably be mentioned in some IETF document
> relevant to DH in ISAKMP.  There are just too many published
> descriptions of DH that fail to mention the problem, so that
> there's a good chance of trapping an unwary implementor.

  Are you suggesting a reference to X9.42 in the ISAKMP/Oakley
document? Also, for the benefit of those of us who are not
cryptographers, can you elaborate on the problem of "small
sub-group confinement" and how ISAKMP/Oakley fails to address it?

  thanks,

    Dan.



Follow-Ups: References: