> On 17 Oct 2016, at 19:19, Paul Wouters <p...@nohats.ca> wrote:
> On Mon, 17 Oct 2016, Yoav Nir wrote:
>> I’m not entirely comfortable with calling something a MUST NOT when all we 
>> have is conjecture,
> It's a little more than conjecture.
> 1) It has been proven that malicious 1024 bit DH values can be generated
>   by academia that cannot be independently discovered. Therefore any
>   nation-state with access to the same theory and more CPU power could
>   have done this years ago.

Someone can trapdoor 1024-bit values, therefore someone else can trapdoor 
2048-bit values.

> 2) We have the RFC 5114 values whose original authors/sponsors are not
>   disclosing how these were generated.
> 1) + 2) means we cannot know if these values were trapdoor’ed.

Yeah, we cannot know. That’s why it’s conjecture.


