Sec 2.2:
      It MUST check both that the peer's public value is in range (1 < r
      < p-1) and that r**q = 1 mod p (where q is the size of the
      subgroup, as listed in the RFC).

Would it make sense to specify a more economical test for strong prime groups?

If q is meant to be p = q*2+1, there are only two possibilities for the value < p-1 received from the peer to be in the wrong subgroup. One of them is 1, which is ruled out by the check above. Another one is g^q. It's a fixed quantity for the given modp group. Seems like a memcmp with a fixed quantity g^q is the best way to address the problem.

On 04/08/2013 02:46 PM, Paul Hoffman wrote:
[[ So far, we have received only *one* review of this document, from Tero. If 
we don't receive more reviews, the document might not progress due to lack of 
interest. Please review this document within the next week and contribute your 
review to the list. ]]

Greetings. This is the start of the WG Last Call for 
draft-ietf-ipsecme-dh-checks; the WG period will end in two weeks, on April 15. 
The current draft is available at 
http://tools.ietf.org/html/draft-ietf-ipsecme-dh-checks-01

Given that this will be a Standards Track document, it is important for it to 
be reviewed by as many people as possible. Possible results of an individual 
reviewing the document are:

- "Looks fine, please publish"

- "Looks fine, here are some comments"

- "Has some problems, here they are"

- Other things of that sort

Many people on this mailing list are IPsec implementers but are mostly or 
completely silent on the mailing list. If you are one of those people, doing a 
WG Last Call review is a good way to participate usefully in the WG. Please 
strongly consider (a) reading the current draft and (b) sending a message to 
the list with your short or long review. If there are too few reviews on this 
document, we could get pushback from the IESG about the document.

--Paul Hoffman
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
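An added example, not code from the draft or from anyone in this thread: the two Sec 2.2 checks implemented in Python over a constructed toy safe-prime group (p = 23, q = 11, g = 2 are assumptions chosen for illustration, not a group from the RFC), together with an enumeration of which in-range values the r**q test rejects, so that what the subgroup check filters in a safe-prime group can be seen directly before weighing cheaper alternatives.

```python
# Added example: peer public value validation per Sec 2.2 of
# draft-ietf-ipsecme-dh-checks, on a constructed toy safe-prime group.
# Real MODP groups use the p and q listed in the RFC; these values are
# deliberately small so the subgroup can be enumerated by hand.
P = 23            # safe prime: p = 2*q + 1 (constructed)
Q = (P - 1) // 2  # = 11, the order of the subgroup legitimate values lie in
G = 2             # generator of the order-q subgroup (2 is a square mod 23)


def in_range(r, p):
    """Sec 2.2 range check: 1 < r < p-1 (rules out 0, 1 and p-1)."""
    return 1 < r < p - 1


def in_subgroup(r, p, q):
    """Sec 2.2 subgroup check: r**q = 1 mod p."""
    return pow(r, q, p) == 1


def validate_peer_value(r, p=P, q=Q):
    """Return True only if r passes both checks; reject non-integers."""
    if not isinstance(r, int):
        return False
    if not in_range(r, p):
        return False
    return in_subgroup(r, p, q)


def rejected_in_range(p=P, q=Q):
    """Values that pass the range check but fail the subgroup check."""
    return [r for r in range(2, p - 1) if not in_subgroup(r, p, q)]


def subgroup_elements(g=G, p=P):
    """Enumerate the subgroup generated by g: every legitimate peer value."""
    seen, x = [], 1
    while True:
        seen.append(x)
        x = x * g % p
        if x == 1:
            break
    return sorted(seen)


if __name__ == "__main__":
    print("legit values:", subgroup_elements())
    print("in-range values the r**q check rejects:", rejected_in_range())
```

For this toy group, half of the in-range values fall outside the order-q subgroup, which is what the r**q test is there to catch.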
