Re: Proposal for new DH Groups 6, 7, and 8

[Will Price <wprice@cyphers.net>]

Paul Hoffman wrote:
> 
> At 10:22 PM 2/4/00 -0800, Will Price wrote:
> >There was much discussion at the recent bakeoff regarding DH prime
> >lengths.  It was good to see that a number of people were implementing
> >Group 5, and all but one vendor that I found anyway (who actually changed
> >this during the bakeoff I believe) was doing at least Group 2.
> 
> You were lucky, then. Of the 41 companies who said they did certificates,
> only 15 said they did group 5.

15 is "a number".  It's certainly a lot more than were doing Group 5 at
the May bakeoff.

> This is not to say that we don't need bigger DH groups, just that we
> shouldn't be smug about our current state of affairs.

I'm trying to be on the glass is half full side of things to help
encourage others to move up.

Quite frankly, if it were not for compatibility reasons we would have
removed all primes below 1536 bits awhile ago for security reasons (we
would never release a product with group 1 of course, that was just too
weak).  Thus in anticipation of the happy day when we feel comfortable
removing group 2, it's high time to get some larger primes agreed upon.

-- Will

Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.
Direct  (408)346-5906
Cell/VM (650)533-0399

---

References:

• Re: Proposal for new DH Groups 6, 7, and 8
• From: Paul Hoffman <paul.hoffman@vpnc.org>

---

• Prev by Date: Re: Proposal for new DH Groups 6, 7, and 8
• Next by Date: Re: Proposal for new DH Groups 6, 7, and 8
• Prev by thread: Re: Proposal for new DH Groups 6, 7, and 8
• Next by thread: Re: Proposal for new DH Groups 6, 7, and 8
• Index(es):
  • Main
  • Thread