
Re: draft of the ISAKMP/Oakley draft



  Michael,

> I have two comments on your new draft.
> 
> 1) A reference for the GSSAPI stuff is missing.

OK.

> 2) Last week I sent an e-mail to you and the list suggesting to add 
> EC groups over GF(p) to the ISAKMP/Oakley draft. Up to now I
> haven't received any comment. Perhaps I should clarify my point: 
> I believe that elliptic curves will be very important in the future 
> and I support the addition of elliptic curve groups as optional 
> D-H groups in the draft. However, I think that one should add 
> examples for both 'types' of these curves, i.e., curves over GF(2^N) 
> as well as curves over GF(p). GF(p) curves are more favourable in 
> the ISAKMP/Oakley context because they are easier to implement 
> since the necessary mod p arithmetic must always be supported by
> an ISAKMP/Oakley implementation.
> For curves over GF(2^N) an additional GF(2^N) arithmetic must be 
> implemented. Furthermore, there are several patents covering 
> different aspects of GF(2^N) arithmetic. 
> 
> I would appreciate a comment from you. 
>
> P.S. If you don't have examples for 'strong' curves over GF(p) we 
> can provide them.

I agree that it would be nice to have examples of all types of groups
in the draft but...

I can't escape the thought that there should be some Informational RFC 
somewhere that describes 'strong' groups. It has GF[p] groups, and better 
GF[2^N] groups and a 2048-bit MODP group and.... The reserved Group 
Description number space can be signed over to this RFC. I'd even entertain 
the thought of moving all but one group from the ISAKMP/Oakley draft there.

I'd rather that the ISAKMP/Oakley draft not include too many groups
(and it does already) because it's a distraction from the protocol
definition. It has the capability to use bigger, faster, stronger
groups if they exist. And they should exist in some Informational RFC
that cryptographers and number theorists can all throw darts at. 

  Dan.


