> On 17 Oct 2016, at 19:19, Paul Wouters <p...@nohats.ca> wrote:
> On Mon, 17 Oct 2016, Yoav Nir wrote:
>> I’m not entirely comfortable with calling something a MUST NOT when all we
>> have is conjecture,
> It's a little more than conjecture.
> 1) It has been proven that malicious 1024 bit DH values can be generated
> by academia that cannot be independently discovered. Therefore any
> nation-state with access to the same theory and more CPU power could
> have done this years ago.
Someone can trapdoor 1024-bit values, therefore someone else can trapdoor
> 2) We have the RFC 5114 values whose original authors/sponsors are not
> disclosing how these were generated.
> 1) + 2) means we cannot know if these values were trapdoor’ed.
Yeah, we cannot know. That’s why it’s conjecture.
IPsec mailing list