Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-16 Thread Paul Hoffman
[mailto:dbr...@certicom.com] Sent: Tuesday, April 09, 2013 1:09 PM To: 'Michael Richardson' Cc: IPsecme WG; Scott Fluhrer (sfluhrer) Subject: RE: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks -Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-16 Thread Paul Hoffman
On Apr 9, 2013, at 1:13 PM, Dan Harkins dhark...@lounge.org wrote: I think it looks fine and I have a nit that the authors can ignore if they like. I don't like the fact that RFC 5903 does not list a specific value for a in the parameter set definition and instead just says -3 in the

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-16 Thread Michael Richardson
Paul == Paul Hoffman paul.hoff...@vpnc.org writes: Paul +1 to now that you understand it, please show where you were Paul confused before so that we can close out the document and Paul move it to the IETF. sorry, day job got in the way. rereading section 2.1/2.2 again. This

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-10 Thread Johannes Merkle
Looks fine, please publish Johannes [[ So far, we have received only *one* review of this document, from Tero. If we don't receive more reviews, the document might not progress due to lack of interest. Please review this document within the next week and contribute your review to the

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-09 Thread Michael Richardson
sfluhrer == sfluhrer Scott writes: I read draft-ietf-ipsecme-dh-checks-01. I am not competent to understand if this addresses a real problem. I understood that (1 r p-1) is a test that many implementors did not do. I think that most implementations generated r from a

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-09 Thread Dan Brown
-Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Michael Richardson Aha so: o It MUST check both that the peer's public value is in range (1 r p-1) and that r**q = 1 mod p (where q is the size of the ... o It MUST

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-09 Thread Michael Richardson
Dan == Dan Brown dbr...@certicom.com writes: Perhaps these things belong in separate sections. It seems that from the receiver of g^x's point of view, point two repeats point one, since the receiver is not in a position to know if the DH private value was reused. Dan

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-09 Thread Yoav Nir
Hi tl;dr: Looks fine, please publish I am not a cryptographer and not competent to comment on the issues that this draft is trying to solve or on the quality of this solution. Speaking strictly as a developer, the text is clear and understandable. Doing the mental exercise of estimating what

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-09 Thread Andrey Jivsov
, April 08, 2013 6:46 PM To: ipsec@ietf.org Subject: Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks Sec 2.2: It MUST check both that the peer's public value is in range (1 r p-1) and that r**q = 1 mod p (where q is the size of the subgroup, as listed in the RFC

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-09 Thread Dan Brown
-Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Michael Richardson Sent: Tuesday, April 09, 2013 10:34 AM Dan [DB] The concern is that receiver wants to protect her own Dan reused private key from an invalid public key from a

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-09 Thread Scott Fluhrer (sfluhrer)
-Original Message- From: Dan Brown [mailto:dbr...@certicom.com] Sent: Tuesday, April 09, 2013 1:09 PM To: 'Michael Richardson' Cc: IPsecme WG; Scott Fluhrer (sfluhrer) Subject: RE: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks -Original Message- From

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-09 Thread Dan Harkins
Hello, I think it looks fine and I have a nit that the authors can ignore if they like. I don't like the fact that RFC 5903 does not list a specific value for a in the parameter set definition and instead just says -3 in the equation for the curve. This draft does the same sort of thing

[IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-08 Thread Paul Hoffman
[[ So far, we have received only *one* review of this document, from Tero. If we don't receive more reviews, the document might not progress due to lack of interest. Please review this document within the next week and contribute your review to the list. ]] Greetings. This is the start of the

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-08 Thread Dan Brown
Looks fine, please publish. - Original Message - From: Paul Hoffman [mailto:paul.hoff...@vpnc.org] Sent: Monday, April 08, 2013 05:46 PM Eastern Standard Time To: IPsecme WG ipsec@ietf.org Subject: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks [[ So far, we have received

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-08 Thread Andrey Jivsov
Sec 2.2: It MUST check both that the peer's public value is in range (1 r p-1) and that r**q = 1 mod p (where q is the size of the subgroup, as listed in the RFC). Would it make sense to specify a more economical test for strong prime groups? If q is meant to be p = q*2+1,

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-08 Thread Scott Fluhrer (sfluhrer)
-Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Andrey Jivsov Sent: Monday, April 08, 2013 6:46 PM To: ipsec@ietf.org Subject: Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks Sec 2.2: It MUST check both

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-08 Thread Andrey Jivsov
of the two values. On 04/08/2013 04:15 PM, Scott Fluhrer (sfluhrer) wrote: -Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Andrey Jivsov Sent: Monday, April 08, 2013 6:46 PM To: ipsec@ietf.org Subject: Re: [IPsec] NUDGE: WG Last Call for draft

Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

2013-04-08 Thread Michael Richardson
I read draft-ietf-ipsecme-dh-checks-01. I am not competent to understand if this addresses a real problem. I understood that (1 r p-1) is a test that many implementors did not do. I think that most implementations generated r from a PRNG. I have not implemented ECDSA, but the instructions