[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Rijndael selected as AES



Will Price writes:
> Has it occurred to anyone the silliness of adding AES to IPsec/IKE without
> adding larger primes to IKE? There was a discussion in March on this list
> with regards to larger primes, but it died out around the time someone
> would need to have written a draft. I believe Tero did post the larger DH
> primes to the list. Any volunteers to write that up?

I can put those groups we generated to the draft and send it next
week. I don't think it is going to be practical to include groups
bigger than 4096 bits now, as using them is going to be too slow, and
generating them is going to take a long time...

I was planning to add 2048, 3072 and 4096 bit groups, and also
document the 1536 bit group (it is not currently documented anywhere).
Is there any need for any other group sizes less than 4096 bits?
-- 
kivinen@ssh.fi                               Work : +358 303 9870
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/


References: