[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: proposed changes to ISAKMP/Oakley

To: IP Security List <ipsec@tis.com>
Subject: Re: proposed changes to ISAKMP/Oakley
From: Lewis McCarthy <lmccarth@cs.umass.edu>
Date: Thu, 23 Oct 1997 12:48:33 -0400
Organization: UMass-Amherst Theoretical Computer Science Group, <http://www.cs.umass.edu/~thtml/>
References: Conversation <199710122213.PAA24340@dharkins-ss20> with last message <199710122213.PAA24340@dharkins-ss20> <MAPI.Id.0016.00622020202020203133314430303030@MAPI.to.RFC822>
Sender: owner-ipsec@ex.tis.com

Michael Bungert writes:
> I suggest to add not only EC2N groups but also elliptic curve
> groups over GF[p] with an odd prime p because these curves seem
> to be more favourable: EC groups over GF[p] can easily be
> implemented by using only ordinary modular arithmetic originally
> developed for RSA for example. Furthermore in contrast to char 2,
> use of this type of curves seems to be widely free of patents.

Please correct me if I'm mistaken, but I'm under the impression that EC 
operations over GF(p) (for large prime p) are noticeably more 
computationally expensive than the EC operations over fields of 
characteristic 2, for fields offering comparable cryptographic strength.
This sacrifice in run-time efficiency should be considered in balance 
with the cited advantages of operating mod p.

I'd be happy to see some EC groups defined over GF(p) for ISAKMP/Oakley,
but it's unclear to me thus far that using such groups is ultimately 
more favorable.

-Lewis

References:

proposed changes to ISAKMP/Oakley

From: Daniel Harkins <dharkins@cisco.com>

Re: proposed changes to ISAKMP/Oakley

From: Michael Bungert <Michael.Bungert@mchp.siemens.de>

Prev by Date: correction on Proxy IPsec
Next by Date: Re: draft of the ISAKMP/Oakley draft
Prev by thread: Re: proposed changes to ISAKMP/Oakley
Next by thread: Re: proposed changes to ISAKMP/Oakley
Index(es):
- Main
- Thread