[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Nonce lengths in ISAKMP messages

To: IP Security List <ipsec@tis.com>
Subject: Re: Nonce lengths in ISAKMP messages
From: Lewis McCarthy <lmccarth@cs.umass.edu>
Date: Tue, 30 Sep 1997 23:02:19 -0400
CC: "Sumit A. Vakil" <svakil@usr.com>
Organization: UMass-Amherst Theoretical Computer Science Group, <http://www.cs.umass.edu/~thtml/>
References: <4317A800.3000@usr.com>
Sender: owner-ipsec@ex.tis.com

Sumit,

>      And, sections E.1 and E.2 of the same draft state that the 
>      strength of the 768 bit and 1024 bit MODP groups is 26.
[...]

26 is an identifier for the group description property "strength of 
group", not an actual value of this property for any particular group. 
(I think it's called an "attribute class value", but my standardese may 
well be wrong.) The actual strength of a particular group is listed
in that group's descriptor under the "Data (hex)" subheading of the
"Strength of group" heading. So for example Well-Known Group 1 (the
768-bit MODP group) has strength 0x42 --- 66 in decimal. 

I had the same confusion when I first read Appendix E.

-Lewis

References:

Nonce lengths in ISAKMP messages

From: svakil@usr.com

Prev by Date: Re: ISAKMP Notification with an SA for Lifetimes
Prev by thread: Nonce lengths in ISAKMP messages
Next by thread: ISAKMP Notification with an SA for Lifetimes
Index(es):
- Main
- Thread