[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Another pothole in ISAKMP/Oakley
David,
Is this really a pothole in ISAKMP/Oakley?
> Another pothole of note in ISAKMP is Diffie-Hellman
> small-subgroup confinement.
>
> Although ISAKMP refers to X9.42, which I believe will
> have a description of how to avoid the problem, it
> should also probably be mentioned in some IETF document
> relevant to DH in ISAKMP. There are just too many published
> descriptions of DH that fail to mention the problem, so that
> there's a good chance of trapping an unwary implementor.
Are you suggesting a reference to X9.42 in the ISAKMP/Oakley
document? Also, for the benefit of those of us who are not
cryptographers, can you elaborate on the problem of "small
sub-group confinement" and how ISAKMP/Oakley fails to address it?
thanks,
Dan.
Follow-Ups:
References: