Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 09 April 2013 03:01 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: IPsecme WG <ipsec@ietf.org>
In-Reply-To: <9F821C79-A855-4060-A356-ED8E5C50048B@vpnc.org>
References: <9F821C79-A855-4060-A356-ED8E5C50048B@vpnc.org>
Date: Mon, 08 Apr 2013 23:01:06 -0400
Message-ID: <5697.1365476466@sandelman.ca>
Sender: mcr@sandelman.ca
Subject: Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

I read draft-ietf-ipsecme-dh-checks-01.
I am not competent to understand if this addresses a real problem.
I understood that (1 < r < p-1) is a test that many implementors did not
do. I think that most implementations generated r from a PRNG.

I have not implemented ECDSA; the instructions seemed well formatted,
but I don't at this point know what they mean.

-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
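The (1 < r < p-1) check discussed above, worked through as an added example. This is not code from draft-ietf-ipsecme-dh-checks (published as RFC 6989) or from the post's author; the 23-element group (p = 23, q = 11, g = 2) is constructed here so the whole group can be enumerated and is not any IKE group. It also goes one step beyond the post: alongside the mandatory range check it shows the optional subgroup-order check (r^q mod p == 1) the draft describes for groups whose prime-order subgroup size q is known, and why the range check alone is not enough when the peer's value lies outside that subgroup.

```python
# Added example (not code from the draft or from the post's author): the
# receiver-side checks on a Diffie-Hellman public value r for a MODP group,
# plus a small experiment on a CONSTRUCTED toy group showing what each check
# prevents.  P, Q, G below are not any IKE group; they are chosen so that
# every private exponent can be enumerated in a test.
import secrets
from typing import Optional

P = 23   # toy safe prime p = 2q + 1, constructed for this example
Q = 11   # order of the prime-order subgroup, (P - 1) // 2
G = 2    # generates the order-Q subgroup of Z_P^* (2**11 % 23 == 1)


def validate_modp_public_value(r: int, p: int, q: Optional[int] = None) -> bool:
    """Return True if a peer's public value r may be used for the exchange.

    The range check 1 < r < p-1 rejects the values that force a trivial
    shared secret (0, 1, p-1) and anything outside the field.  When the
    subgroup order q is known, r^q mod p == 1 additionally rejects values
    that lie outside the prime-order subgroup (for a safe prime that is the
    coset of order 2q, which leaks the parity of the private exponent).
    """
    if not (1 < r < p - 1):
        return False
    if q is not None and pow(r, q, p) != 1:
        return False
    return True


def generate_keypair(p: int, q: int, g: int) -> tuple:
    """Private exponent x in [1, q-1] and public value g^x mod p."""
    x = 1 + secrets.randbelow(q - 1)
    return x, pow(g, x, p)


def shared_secret(peer_pub: int, x: int, p: int) -> int:
    """Plain DH: the peer's value raised to our private exponent."""
    return pow(peer_pub, x, p)


def forced_secrets(r: int, p: int) -> set:
    """Every shared secret an honest party could derive if the peer sends r.

    Enumerates all private exponents 1..p-2, which is only feasible on the
    toy group.  A tiny set means whoever sent r can simply guess the secret:
    r = 1 gives {1}, r = p-1 gives {1, p-1}.
    """
    return {pow(r, x, p) for x in range(1, p - 1)}


def exponent_parity_from_secret(s: int, p: int, q: int) -> int:
    """Given a shared secret s computed from a peer value of order 2q,
    recover the parity of the victim's private exponent x.

    If r^q == -1 mod p then s^q == (r^q)^x == (-1)^x, so s^q tells us
    whether x is odd.  This is what the r^q == 1 check rules out.
    """
    return 0 if pow(s, q, p) == 1 else 1


def demo() -> dict:
    """Summarise, for a few candidate peer values, whether each check
    accepts them and how many distinct secrets they can force."""
    out = {}
    for r in (0, 1, G, P - 2, P - 1, P):
        out[r] = {
            "range_ok": validate_modp_public_value(r, P),
            "subgroup_ok": validate_modp_public_value(r, P, Q),
            "distinct_secrets": len(forced_secrets(r, P)) if 0 < r < P else 0,
        }
    return out


if __name__ == "__main__":
    for r, info in demo().items():
        print(r, info)
```

In the toy group, P - 2 is -G mod P and has order 2q: it passes the range check but fails the subgroup check, and exponent_parity_from_secret recovers one bit of the private key from the resulting secret. Real IKEv2 implementations run the same two tests against the RFC 3526 / RFC 5114 primes; the enumeration helpers here exist only to make the effect visible.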