Tero Kivinen wrote:
Ben Laurie writes:

Jack Lloyd wrote:

Check RFC 2412, draft-ietf-ipsec-ikev2-05.txt, and
draft-ietf-ipsec-ike-modp-groups-05.txt
However, I don't see any primality proof certificates included in the
texts.


I considered adding the ecpp certificates to the
draft-ietf-ipsec-ike-modp-groups document, but as the certificates are
several megabytes in total, there is no point in adding them to this
kind of document (the document would be several hundred pages long
consisting only of numbers...).



RFC 2412 looks good, however, as you say, no certificates are included, nor is it made clear that (p-1)/2 has been proven.
I-Ds are less useful to me, since I can't give a long-term reference for them :-(


The draft-ietf-ipsec-ike-modp-groups used to have a pointer to the ftp
site having the certificates
(ftp://ftp.ssh.fi/pub/ietf/ecpp-certificates), but that was removed
during the IESG review, because URL references are not stable enough
in general (the ftp://ftp.ssh.fi/pub/ietf/ecpp-certificates site is
supposed to be there forever).

That site also includes certificates of modp groups from the RFC 2412
(and (p-1)/2 also).

Thanks.


I actually just finished finding the 16384 bit Diffie-Hellman group
with the same kind of parameters. It took about 9.5 months to generate.
The 12288 bit group took only about 15 days to generate.

I have to admit to surprise at the time involved - what s/w are you using to do the generating?


Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
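
Added example, not part of the original thread or of any poster's code: a Miller-Rabin check that both p and (p-1)/2 are probable primes for Well-Known Group 1 of RFC 2412. This gives probabilistic evidence only and is not a primality proof of the kind the ECPP certificates discussed above provide; the fixed witness set and the function names are assumptions of this example.

```python
# Well-Known Group 1 prime (768 bits) as published in RFC 2412.
OAKLEY_GROUP1_HEX = """
    FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
    29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
    EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
    E485B576 625E7EC6 F44C42E9 A63A3620 FFFFFFFF FFFFFFFF
"""
P = int("".join(OAKLEY_GROUP1_HEX.split()), 16)

# Fixed witnesses keep the run reproducible (a choice made for this example).
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin over BASES; True means 'no witness found', not 'proven'."""
    if n < 2:
        return False
    for q in BASES:                 # trial division also handles small n
        if n % q == 0:
            return n == q
    d, s = n - 1, 0
    while d % 2 == 0:               # write n - 1 = d * 2^s with d odd
        d //= 2
        s += 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False            # a is a witness: n is composite
    return True


def is_probable_safe_prime(p):
    """Check p and the subgroup order q = (p-1)/2 separately."""
    return p % 2 == 1 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


if __name__ == "__main__":
    print("bits:", P.bit_length())
    print("p probable prime:", is_probable_prime(P))
    print("(p-1)/2 probable prime:", is_probable_prime((P - 1) // 2))
```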

