[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Proposal for new DH Groups 6, 7, and 8
Will Price wrote:
> Sounds fine to me. I'm far more concerned with reaching agreement on
> larger primes and getting ID numbers assigned than in which primes get
> used.
>
> It was also pointed out off the list that there is an existing draft for
> 6, 7, 8, and 9 in the EC space. Thus, these DH primes should be 10, 11,
> and 12.
>
> So, let's move this forward. Do you want to write those primes up as a
> draft or can Dan include them in the next IKE-01 draft?
>
> Tero Kivinen wrote:
> >
> > Will Price writes:
> > > I would like to propose three new DH Groups for IKE of 2048, 3072, and
> > > 4096 bits. This should adequately cover all foreseeable future needs.
> I
> > > have included documentation on the generation of these primes which
> were
> > > originally generated for PGPfone, and there is an interesting story
> about
> > > how they were generated at the end of this message.
> >
> > I think those primes should be generated in the same way the primes
> > currently in the IKE are generated, i.e to have format of
> > [... alternate primes...]
>
> --
>
> Will Price, Director of Engineering
> PGP Security, Inc.
> a division of Network Associates, Inc.
> Direct (408)346-5906
> Cell/VM (650)533-0399
Hi,
Yes, there is an existing draft for EC groups labed #6, 7, 8, 9 - draft-ietf-ipsec-ike-ecc-groups-01.txt
Dan, the above draft has been available for a while, and if there are no comments,
we should proceed to publishing it as an RFC, or include the groups
(along with the new proposed DH groups) in the next IKE draft.
What does everyone else think?
Thanks,
Yuri Poeluev
Certicom Corp.
Follow-Ups: