Re: [Cfrg] What groups to use for Diffie Hellman?

Yoav Nir <ynir.ietf@gmail.com> Mon, 31 October 2016 19:57 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CED8129AA7 for <cfrg@ietfa.amsl.com>; Mon, 31 Oct 2016 12:57:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0aVbROG-WRG8 for <cfrg@ietfa.amsl.com>; Mon, 31 Oct 2016 12:57:33 -0700 (PDT)
Received: from mail-wm0-x22a.google.com (mail-wm0-x22a.google.com [IPv6:2a00:1450:400c:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3D38129ADD for <cfrg@irtf.org>; Mon, 31 Oct 2016 12:57:20 -0700 (PDT)
Received: by mail-wm0-x22a.google.com with SMTP id n67so249598709wme.1 for <cfrg@irtf.org>; Mon, 31 Oct 2016 12:57:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=0n66IMOGaimv+2rDtoCCexnHb4lkjoZtinMYnYSgF38=; b=foUz6fQV9InykDKd0ehKChelXtHpgp4QUHE4phJAjjGqK7t94XxNjcQRrJ6lZVEq27 C2CpgY66FO2NMfF+72RRffZWC+BF4dVuhv6NEH4mlOBXjYeB9e2zYM96CUPRE6PXMQyP 0qB+TlUA+uQA7A3gnyhHMakP/+HfkJW+rtqMK8l9/chHQPrXzL1goY6N1qr/J36PQWww Jbo3mzohm64CDR05JZzC9dCXYVbWy6K/WZUawfAcb8cMqFOjt2iI65ahVlfkM4wGpo+U 3VGp5uyM8fKKVL7HVHN2XzFFeQc8770VPnQ/IvUWzkCGlIeO6Y4WXnOmOJT6AesRoaV1 3URQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=0n66IMOGaimv+2rDtoCCexnHb4lkjoZtinMYnYSgF38=; b=WPHv/ySnHcId05vsIcYXPGLnRMi069/X317KjiChcryWuLNd/7MuBvdtiQ7lmqEZpw TwBdWUKbJayAt4kNJLNJnnnpcQ8gnY5urYGbbgvsxKd8CVb9nocNNbpcwdtow/gWv55y u/EhYEGVt4/LnPGTTm8xgwHzxmor8jNa1qhws77UEVB8bYMepAElu2Tp7VynYFNDz6OX 20aKHAFbxD8RgzsdUMqelqXd/9MBt7yn/rRSTn7RQZzOm06ro18ruSSOWZ+lCHj35DUt p177a/2Udgn4RWVmBbxau5NPxCi8XGa0ILg1sN6+MjML3D1IcVVlwIE9SJmiunrmnrJK 7f7A==
X-Gm-Message-State: ABUngvfHFZwUqgaWzXcTQXVdlY2VTQfMEsCc9PoLWrEvdPTamNjlqpdD7wPNLwweiXanNQ==
X-Received: by 10.28.180.138 with SMTP id d132mr12920591wmf.122.1477943839370; Mon, 31 Oct 2016 12:57:19 -0700 (PDT)
Received: from [192.168.1.13] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id a11sm11232644wma.22.2016.10.31.12.57.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 31 Oct 2016 12:57:18 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.1 \(3251\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <CAMm+LwgyShUA5myF300DpXHh86Uit7s0qLf4No6JaYnMr2MO2A@mail.gmail.com>
Date: Mon, 31 Oct 2016 21:57:16 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <7D532AD1-854A-4E46-A9B9-71AAB5C6DCF4@gmail.com>
References: <2021131477880034@web36j.yandex.ru> <1477908451687.11388@cs.auckland.ac.nz> <CAMm+LwgyShUA5myF300DpXHh86Uit7s0qLf4No6JaYnMr2MO2A@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
X-Mailer: Apple Mail (2.3251)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/j0xa3NIdQwRi7mgnbGHIu6OqtC4>
Cc: jonas weber <jonasweber86@yandex.com>, "cfrg@irtf.org" <cfrg@irtf.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Subject: Re: [Cfrg] What groups to use for Diffie Hellman?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 19:57:35 -0000

On 31 Oct 2016, at 20:45, Phillip Hallam-Baker <phill@hallambaker.com> wrote:

> Based on my conversations with NSA folk, the governing doctrine is 'NOBUS' nobody but us. Introducing a weakness that only the NSA could exploit with hidden knowledge nobody else could discover independently is one thing. Developing a system with a hole anyone can find if they look long enough is not acceptable.

Whatever else he may have accomplished, Edward Snowden proved that NSA hidden knowledge can and does get unhidden. At least to people who failed to learn that from PFC Manning.

So it’s best not to deploy a group that only the NSA can break, even if you are not concerned about the NSA monitoring your data. The next Snowden can make it so that the people that you are concerned about will also be doing it. 

Yoav