[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Larger DH groups?

To: "Simon Blake-Wilson" <sblakewilson@certicom.com>
Subject: Re: Larger DH groups?
From: Dan Harkins <dharkins@cips.nokia.com>
Date: Thu, 05 Oct 2000 11:58:16 -0700
cc: Ari Huttunen <Ari.Huttunen@F-Secure.com>, ipsec <ipsec@lists.tislabs.com>
In-reply-to: Your message of "Thu, 05 Oct 2000 12:08:23 EDT." <8525696F.005896D3.00@smtpmail.certicom.com>
Sender: owner-ipsec@lists.tislabs.com

  While updating the "Additional ECC groups for IKE" draft can you unqualify
your IP statement? Do you or do you not have patents that cover this? It
would be nice if there was a one syllable response to the question "is a
license from Certicom essential to implement these curves?" 

  Also, in the AES assigned numbers thread it became obvious that certain
vendors have been assigning numbers which are reserved to IANA to their
own use of algorithms. I'd like to note that you are repeating this error 
in your draft and respectfully ask you to use numbers from the private use 
range for all the groups in this draft. Section 11.4 of RFC2409 describes 
the procedure necessary for you to follow to get IANA to assign number to
you. 

  Dan.

On Thu, 05 Oct 2000 12:08:23 EDT you wrote
> 
> Diffie-Hellman is a cubic operation, so I believe 15000-bit DH should take about
> 15^3 approx=3000 times as long as 1000-bit DH, and 512-bit ECDH should take
> about 25 times as long as 160-bit ECC. We don't have implementations of
> 15000-bit DH but we do have 512-bit ECDH and our performance roughly follows the
> estimates. (In fact we're in the process of adding 512-bit curves to our
> "Additional ECC groups for IKE" draft so that it has complete AES support.)
> 
> Best regards. Simon
> 
> S. Blake-Wilson
> Certicom Corp.
> 
> 
> 
> 
> 
> Ari Huttunen <Ari.Huttunen@F-Secure.com> on 10/05/2000 11:02:42 AM
> 
> To:   ipsec <ipsec@lists.tislabs.com>
> cc:    (bcc: Simon Blake-Wilson/Certicom)
> Subject:  Larger DH groups?
> 
> 
> 
> 
> Are there plans/interest in specifying larger standard DH groups, now that
> the AES has been chosen?
> 
> If so, what sizes would be appropriate? Tero earlier posted groups of
> 2000-4000 bits, the draft for AES talks about 14000. Anybody know just
> how slow would 14000 bit modulus be? (I can guess it's something between
> extremely slow and ridiculously slow..) What about the speed of a 500 bit EC2N?
> 
> Ari
> 
> --
> Ari Huttunen                   phone: +358 9 859 900
> Senior Software Engineer       fax  : +358 9 8599 0452
> 
> F-Secure Corporation       http://www.F-Secure.com
> 
> F-Secure products: Integrated Solutions for Enterprise Security

References:

Re: Larger DH groups?

From: "Simon Blake-Wilson" <sblakewilson@certicom.com>

Prev by Date: Re: Larger DH groups?
Next by Date: Re: counter mode
Prev by thread: Re: Larger DH groups?
Next by thread: Re: Larger DH groups?
Index(es):
- Main
- Thread