On Sat, Jul 31, 2021 at 12:57:39PM +0000, Peter Gutmann wrote:
> Viktor Dukhovni <[email protected]> writes:
>
> >I strongly doubt there's a non-negligible server population with weak locally
> >generated groups.
>
> Would you care to rephrase that so we can make sure you're saying what we
> think you're saying in order to disagree with it?

OK, who goes around bothering to actually generate custom DH parameters,
and with what tools, but then does not use a "strong" (Sophie Germain)
prime?

The only weakness I expect to encounter is a deprecated size of e.g.
512, 768 or 1024 bits. Clients can easily detect that and enforce a
floor, but of course still don't get to negotiate a minimum.

Clients also don't get to negotiate the size of the server's RSA public
key, or as you mentioned various other ways for the server to not screw
up.

--
Viktor.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
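
The client-side check discussed in the message above, as an added example that is not part of the original post: it parses the ServerDHParams fields of a TLS DHE ServerKeyExchange, enforces a size floor on p, and tests whether p is a safe prime (p = 2q + 1 with q prime). The function names, the 2048-bit default floor and the toy sample bytes are assumptions made for illustration.

```python
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin with random bases: p comes from the peer, so no fixed bases."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)  # random base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def parse_server_dh_params(buf):
    """Split TLS ServerDHParams: dh_p, dh_g, dh_Ys, each with a 2-byte length."""
    vals, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        end = off + 2 + int.from_bytes(buf[off:off + 2], "big")
        if len(buf) < off + 2 or end == off + 2 or end > len(buf):
            raise ValueError(f"truncated or empty {name}")
        vals.append(int.from_bytes(buf[off + 2:end], "big"))
        off = end
    return tuple(vals)

def check_dh_group(p, g, ys, floor_bits=2048):
    """Return policy failures ([] means accept); the 2048 default is an assumption."""
    bad = []
    if p.bit_length() < floor_bits:
        bad.append(f"p is {p.bit_length()} bits, floor is {floor_bits}")
    if not is_probable_prime(p):
        bad.append("p is not prime")
    elif not is_probable_prime((p - 1) // 2):
        bad.append("(p-1)/2 is not prime, so p is not a safe prime")
    if not (1 < g < p - 1 and 1 < ys < p - 1):
        bad.append("g or dh_Ys outside 2..p-2")
    return bad

SAMPLE = bytes.fromhex("000207f7" "000102" "000120")  # constructed: p=2039, g=2, Ys=32
print(check_dh_group(*parse_server_dh_params(SAMPLE)))
```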