Re: [IPsec] Question about RFC 5114

Joy Latten <latten@austin.ibm.com> Tue, 06 April 2010 21:40 UTC

Return-Path: <latten@austin.ibm.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1C06D3A69AA for <ipsec@core3.amsl.com>; Tue, 6 Apr 2010 14:40:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.299
X-Spam-Level:
X-Spam-Status: No, score=-3.299 tagged_above=-999 required=5 tests=[AWL=3.300, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CW8TZ0ZnqXG5 for <ipsec@core3.amsl.com>; Tue, 6 Apr 2010 14:40:57 -0700 (PDT)
Received: from e2.ny.us.ibm.com (e2.ny.us.ibm.com [32.97.182.142]) by core3.amsl.com (Postfix) with ESMTP id 6814C3A699A for <ipsec@ietf.org>; Tue, 6 Apr 2010 14:40:57 -0700 (PDT)
Received: from d01relay07.pok.ibm.com (d01relay07.pok.ibm.com [9.56.227.147]) by e2.ny.us.ibm.com (8.14.3/8.13.1) with ESMTP id o36LTfMg015027 for <ipsec@ietf.org>; Tue, 6 Apr 2010 17:29:41 -0400
Received: from d01av04.pok.ibm.com (d01av04.pok.ibm.com [9.56.224.64]) by d01relay07.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id o36LelRS1962082 for <ipsec@ietf.org>; Tue, 6 Apr 2010 17:40:47 -0400
Received: from d01av04.pok.ibm.com (loopback [127.0.0.1]) by d01av04.pok.ibm.com (8.14.3/8.13.1/NCO v10.0 AVout) with ESMTP id o36LelbV019336 for <ipsec@ietf.org>; Tue, 6 Apr 2010 17:40:47 -0400
Received: from austin.ibm.com (netmail2.austin.ibm.com [9.41.248.176]) by d01av04.pok.ibm.com (8.14.3/8.13.1/NCO v10.0 AVin) with ESMTP id o36LekV1019308; Tue, 6 Apr 2010 17:40:46 -0400
Received: from [9.41.41.43] (faith.austin.ibm.com [9.41.41.43]) by austin.ibm.com (8.13.8/8.12.10) with ESMTP id o36Lekwg044004; Tue, 6 Apr 2010 16:40:46 -0500
From: Joy Latten <latten@austin.ibm.com>
To: Richard Barnes <rbarnes@bbn.com>
In-Reply-To: <50C9BA8B-3C10-4C7F-93B7-B95E0ECA2CEB@bbn.com>
References: <1269638701.2838.303.camel@faith.austin.ibm.com> <EE0C2F9E065E634B84FC3BE36CF8A4B2034074E1@xmb-sjc-23e.amer.cisco.com> <1270571197.2838.504.camel@faith.austin.ibm.com> <50C9BA8B-3C10-4C7F-93B7-B95E0ECA2CEB@bbn.com>
Content-Type: text/plain
Date: Tue, 06 Apr 2010 16:19:32 -0500
Message-Id: <1270588772.2838.506.camel@faith.austin.ibm.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.24.5 (2.24.5-1.fc10)
Content-Transfer-Encoding: 7bit
Cc: ipsec@ietf.org
Subject: Re: [IPsec] Question about RFC 5114
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: latten@austin.ibm.com
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Apr 2010 21:40:59 -0000

On Tue, 2010-04-06 at 12:54 -0400, Richard Barnes wrote:
> > Thanks so much for the detail. It has helped greatly.
> > I did take a look at NIST SP 800-56A section 5.6.2.4 for validating  
> > the
> > public value. I am in learning mode, so I found the 2nd step
> > confusing...
> > 1. Verify that 2 <= y <= p - 2
> > 2. Verify that y^q = 1 (mod p)
> >
> > Are the parenthesis around "mod p" correct? This is how it is in the
> > NIST doc.
> 
> 
> Yes, the parens are correct.  That's just a more traditional notation  
> for modular equivalence:
> 
> A = B (mod p)
> 
> is the same as saying (in C notation)
> 
> A % p == B % p
> 
> So in your case you would want to check:
> 
> y^q % p == 1
> 

Thanks so much!!! This definitely cleared it up for me! :-)

regards,
Joy