> On 17 Oct 2016, at 19:19, Paul Wouters <p...@nohats.ca> wrote:
> 
> On Mon, 17 Oct 2016, Yoav Nir wrote:
> 
>> I’m not entirely comfortable with calling something a MUST NOT when all we 
>> have is conjecture,
> 
> It's a little more than conjecture.
> 
> 1) It has been proven that malicious 1024 bit DH values can be generated
>   by academia that cannot be independently discovered. Therefore any
>   nation-state with access to the same theory and more CPU power could
>   have done this years ago.

Someone can trapdoor 1024-bit values, therefore someone else can trapdoor 
2048-bit values.

> 2) We have the RFC 5114 values whose original authors/sponsors are not
>   disclosing how these were generated.
> 
> 1) + 2) means we cannot know if these values were trapdoor’ed.

Yeah, we cannot know. That’s why it’s conjecture.

Yoav

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
