[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Another pothole in ISAKMP/Oakley
OK, but for a Sophie Germaine prime, (g^a)^q = +- 1, so a check for this
is sufficient, as is authentication of the offered exponentials.
I can see adding the +-1 check to the spec, just for belt and suspenders.
The EC group recommended in the original Oakley has a subgroup of order 12;
I suppose that before using it one should be warned to implement the
small group check, again as belt and suspenders.
Hilarie
References: