[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC WORKING GROUP LAST CALL

To: IP Security List <ipsec@tis.com>
Subject: Re: IPSEC WORKING GROUP LAST CALL
From: Lewis McCarthy <lmccarth@cs.umass.edu>
Date: Sat, 21 Feb 1998 04:25:06 -0500
CC: Hilarie Orman <ho@earth.hpc.org>
Organization: UMass-Amherst Theoretical Computer Science Group, <http://www.cs.umass.edu/~thtml/>
References: <199802182350.SAA14498@dcl.MIT.EDU>
Sender: owner-ipsec@ex.tis.com

Here are a couple of textual inconsistencies in the Oakley document 
<draft-ietf-ipsec-oakley-02.txt>:

[1] There's an entry for a non-existent group in the list of Well-Known 
Groups at the top of Appendix E.

current text:
>    The group identifiers:
> 
>       0   No group (used as a placeholder and for non-DH exchanges)
>       1   A modular exponentiation group with a 768 bit modulus
>       2   A modular exponentiation group with a 1024 bit modulus
>       3   A modular exponentiation group with a 1536 bit modulus (TBD)
>       4   An elliptic curve group over GF[2^155]
>       5   An elliptic curve group over GF[2^185]

There's no such 1536-bit MODP group defined in the draft. 
Presumably this entry should be deleted, unless someone plans to
determine the group within the next few days. The renumbered list would
be:

suggested text:
_       0   No group (used as a placeholder and for non-DH exchanges)
_       1   A modular exponentiation group with a 768 bit modulus
_       2   A modular exponentiation group with a 1024 bit modulus
_       3   An elliptic curve group over GF[2^155]
_       4   An elliptic curve group over GF[2^185]


[2] Sect. 2.2.2 refers to some non-existent groups in its description 
of GRP:

current text:
>    GRP is a name (32-bit value) for the group and its relevant
>    parameters: the size of the integers, the arithmetic operation, and
>    the generator element.  There are a few pre-defined GRP's (for 768
>    bit modular exponentiation groups, 1024 bit modexp, 2048 bit modexp,
>    155-bit and 210-bit elliptic curves, see Appendix E), but
>    participants can share other group descriptions in a later protocol
>    stage (see the section NEW GROUP).  [...]

There's no 2048-bit MODP group defined, nor is there a 210-bit 
elliptic curve group. Probably it would be simplest to omit all 
mention of specific groups in this section, e.g.:

suggested text:
_    GRP is a name (32-bit value) for the group and its relevant
_    parameters: the size of the integers, the arithmetic operation, and
_    the generator element.  There are a few pre-defined GRP's (see 
_    Appendix E), but participants can share other group descriptions in
_    a later protocol stage (see the section NEW GROUP).  [...]

-Lewis  <pseudonym@acm.org>  <http://www.cs.umass.edu/~lmccarth>

References:

IPSEC WORKING GROUP LAST CALL

From: "Theodore Y. Ts'o" <tytso@MIT.EDU>

Prev by Date: Re: Regrouping for IPSEC WORKING GROUP LAST CALL
Next by Date: Re: IPSEC WORKING GROUP LAST CALL
Prev by thread: Re: IPSEC WORKING GROUP LAST CALL
Next by thread: Re: IPSEC WORKING GROUP LAST CALL
Index(es):
- Main
- Thread