On 12/2/14, 10:12 AM, Joseph Salowey wrote:
> On Mon, Dec 1, 2014 at 10:57 PM, Brian Smith <[email protected]> wrote:
>
>> Peter Saint-Andre - &yet <[email protected]> wrote:
>>
>>> OLD
>>>
>>> <snip>
>>>
>>> o There are no protocol mechanisms to negotiate the DH groups or
>>>   parameter lengths supported by client and server.
>>>
>>> o Many servers choose DH parameters of 1024 bits or fewer.
>>>
>>> o There are widely deployed client implementations that reject
>>>   received DH parameters if they are longer than 1024 bits.
>>>
>>> NEW
>>>
>>> <snip>
>>>
>>> o There are no protocol mechanisms to negotiate the DH groups or
>>>   parameter lengths supported by client and server.
>>>
>>> o There are widely deployed client implementations that reject
>>>   received DH parameters if they are longer than 1024 bits. In
>>>   addition, several implementations do not perform appropriate
>>>   validation of group parameters and are vulnerable to attacks
>>>   referenced in section 2.9 of [UTA-Attacks]."
>>>
>>> I don't agree with removing the second bullet, but the rest seems
>>> relatively uncontroversial to me.
>>
>> Peter, I believe that Joe's suggested text was written before the
>> second bullet was added. The second bullet was added during this final
>> WGLC in response to a request by myself. In other words, this is just a
>> merge conflict, which is best resolved by merging the second bullet
>> into Joe's suggested text.
>
> [Joe] I'm OK with the second bullet. I'm not sure if it was not there
> when I reviewed it or if I left it out for no good reason I can think of.

Joe, thanks for the clarification.

Peter

--
Peter Saint-Andre
https://andyet.com/

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
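The NEW text quoted in the thread says several implementations "do not perform appropriate validation of group parameters". As an added illustration (not code from the thread, the draft, or any implementation discussed there), the following Python shows the kind of check a TLS client can run on a server's ephemeral finite-field DH parameters before computing a shared secret: a minimum modulus size, primality of p and of (p-1)/2, range checks on the generator and the server's public value, and a prime-order-subgroup membership test. The 2048-bit minimum (`MIN_DH_BITS`) and the requirement that p be a safe prime are assumptions of this example, not requirements stated in the draft text; the toy parameters used in `__main__` are constructed.

```python
import secrets

# Assumption for this example: refuse moduli shorter than 2048 bits. The
# thread notes that many servers still send 1024-bit (or smaller) parameters.
MIN_DH_BITS = 2048


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin primality test with random bases (probabilistic)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    # Write n - 1 as d * 2**r with d odd.
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)  # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def validate_dh_params(p: int, g: int, server_public: int,
                       min_bits: int = MIN_DH_BITS) -> tuple[bool, str]:
    """Validate server-supplied DH parameters (p, g) and the server's public value.

    Returns (ok, reason). Each check is a reject-on-failure rule. The
    subgroup checks reject values that lie outside the intended prime-order
    group, which is what a peer sending malformed parameters relies on.
    """
    if p.bit_length() < min_bits:
        return False, "modulus too short"
    if not is_probable_prime(p):
        return False, "modulus is not prime"
    q = (p - 1) // 2
    if not is_probable_prime(q):
        # Assumption for this example: require a safe prime so the only
        # subgroups of the multiplicative group have order 1, 2, q or 2q.
        return False, "modulus is not a safe prime"
    if not 2 <= g <= p - 2:
        return False, "generator out of range"
    if pow(g, q, p) != 1:
        return False, "generator not in order-q subgroup"
    if not 2 <= server_public <= p - 2:
        return False, "server public value out of range"
    if pow(server_public, q, p) != 1:
        return False, "server public value not in order-q subgroup"
    return True, "ok"


if __name__ == "__main__":
    # Constructed toy parameters: p = 47 is a 6-bit safe prime and g = 2 lies
    # in its order-23 subgroup. min_bits is lowered only so the toy values
    # pass the size check; real deployments keep the 2048-bit floor.
    print(validate_dh_params(47, 2, 32, min_bits=6))  # accepted
    print(validate_dh_params(47, 2, 5, min_bits=6))   # 5 is outside the order-q subgroup
```

The function deliberately returns a reason string rather than raising, so a caller can log why a handshake was refused; with the default `min_bits` the toy 6-bit group is rejected as too short before any arithmetic is attempted.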
