
Re: Small subgroups and ISAKMP/Oakley



John Kennedy writes:
> During X9.42 development discussion it was not necessarily a 
> man-in-the-middle that was feared with regards to the small sub-group 
> attack.  Conceivably, one of the communicating parties could send a 
> "bad" public number on purpose.  Is this a realistic scenario?  

One of the legitimate parties might be a broken implementation that
doesn't correctly check whether it has computed a public exponential 
that lies in the small subgroup. 

-Lewis
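
The public-value check this exchange refers to, as an added example that is not part of the original thread. It assumes a group whose intended subgroup has prime order q inside Z_p*; the toy parameters and the function names are constructed for illustration.

```python
# Constructed toy parameters (far too small for real use): p - 1 = 6 * q
P = 67   # prime modulus
Q = 11   # prime order of the intended subgroup
G = 64   # generator of the order-Q subgroup: 2^((P-1)/Q) mod P


def check_public_value(y, p=P, q=Q):
    """Return (accepted, reason) for a peer's Diffie-Hellman public value."""
    # 0, 1 and p-1 are the trivial cases (orders 1 and 2).
    if not isinstance(y, int) or not 2 <= y <= p - 2:
        return False, "out of range [2, p-2]"
    # Membership test: y is in the order-q subgroup iff y^q = 1 (mod p).
    if pow(y, q, p) != 1:
        return False, "not in the order-q subgroup"
    return True, "ok"


def reachable_secrets(y, p=P, q=Q):
    """All shared secrets y^x mod p a receiver could derive for x in [1, q-1]."""
    return {pow(y, x, p) for x in range(1, q)}


if __name__ == "__main__":
    honest = pow(G, 5, P)   # public value of a correct implementation
    bad = 37                # constructed value of order 3, outside the subgroup
    for name, y in (("honest", honest), ("bad", bad), ("one", 1)):
        accepted, reason = check_public_value(y)
        print(f"{name:6} y={y:2} accepted={accepted} ({reason}), "
              f"{len(reachable_secrets(y))} possible shared secrets")
```

A receiver that skips the check and uses the order-3 value ends up with one of only three possible shared secrets, whichever side produced that value and whether or not it did so on purpose.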

