On Sat, Sep 05, 2015 at 07:41:11AM +0000, Alfonso De Gregorio wrote:
> Sure, the questions are: What is the origin of the current wording of
> the standard, that opens an avenue for lax checks for group
> parameters? Or, if, as you correctly pointed out, an implementation
> MAY NOT check group parameters, which entity deserves credit for it?
>
IMHO I haven't demonstrated an attack against DH yet (I believe it is possible). The current examples are against DSA, not DH.
