Peter Saint-Andre - &yet <[email protected]> wrote:

> OLD
> <snip>
> o There are no protocol mechanisms to negotiate the DH groups or
>   parameter lengths supported by client and server.
>
> o Many servers choose DH parameters of 1024 bits or fewer.
>
> o There are widely deployed client implementations that reject
>   received DH parameters if they are longer than 1024 bits.
>
> NEW
> <snip>
> o There are no protocol mechanisms to negotiate the DH groups or
>   parameter lengths supported by client and server.
>
> o There are widely deployed client implementations that reject
>   received DH parameters if they are longer than 1024 bits. In
>   addition, several implementations do not perform appropriate
>   validation of group parameters and are vulnerable to attacks
>   referenced in section 2.9 of [UTA-Attacks]."
>
> I don't agree with removing the second bullet, but the rest seems
> relatively uncontroversial to me.

Peter, I believe that Joe's suggested text was written before the second
bullet was added. The second bullet was added during this final WGLC in
response to a request by myself. In other words, this is just a merge
conflict, which is best resolved by merging the second bullet into Joe's
suggested text.

Cheers,
Brian

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
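Added example, not part of the thread or of any RFC text: the kind of client-side check of received DH group parameters that the quoted bullet says several implementations omit. It assumes the client has parsed the server's (p, g, Ys) tuple; the values in `main()` are constructed toy-sized numbers with `min_bits` lowered so the run completes instantly, while the default of 2048 reflects the size the draft discussion is pushing towards.

```python
"""Validate TLS DH group parameters before using them (added example)."""
import random


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test; good enough for parameter screening."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_dh_params(p, g, ys, min_bits=2048):
    """Return a list of problems with (p, g, Ys); an empty list means OK."""
    problems = []
    if p.bit_length() < min_bits:
        problems.append(f"p is only {p.bit_length()} bits (< {min_bits})")
    p_prime = is_probable_prime(p)
    q = (p - 1) // 2                      # subgroup order if p is a safe prime
    safe = p_prime and is_probable_prime(q)
    if not p_prime:
        problems.append("p is not prime")
    elif not safe:
        problems.append("p is not a safe prime ((p-1)/2 is composite)")
    if not 2 <= g <= p - 2:
        problems.append("g out of range [2, p-2]")
    if not 2 <= ys <= p - 2:
        problems.append("peer public value out of range [2, p-2]")
    elif safe and pow(ys, q, p) != 1:     # small-subgroup confinement check
        problems.append("peer public value not in the order-q subgroup")
    return problems


def main():
    # Constructed toy values: p=23 is a safe prime, g=2 has order 11, Ys=2^2.
    print("good:", validate_dh_params(23, 2, 4, min_bits=5))
    print("not safe prime:", validate_dh_params(17, 3, 5, min_bits=5))
    print("too short:", validate_dh_params(23, 2, 4))


if __name__ == "__main__":
    main()
```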
