Re: [TLS] Draft-ietf-tls-negotited-ff-dhe-07

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 28 March 2015 18:53 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Tero Kivinen <kivinen@iki.fi>, tls@ietf.org, draft-ietf-tls-negotiated-ff-dhe@ietf.org
In-Reply-To: <21780.25234.61519.90042@fireball.kivinen.iki.fi>
References: <21780.25234.61519.90042@fireball.kivinen.iki.fi>
Date: Sat, 28 Mar 2015 12:43:00 -0400
Message-ID: <87oandt6nf.fsf@alice.fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/M7uuZDd58pjUbpoQJpNAjEzErpg>

On Thu 2015-03-26 15:48:34 -0400, Tero Kivinen wrote:
> In Honolulu I verified that the primes in draft-ietf-tls-negotiated-ff-dhe
> were generated correctly, i.e. I generated them again and got the same
> results. I also verified that they are primes using Primo. This morning
> I checked that the new 2048-bit group added after that is also correct,
> but found a problem there.
>
> The actual hex number in the draft is correct, but the formula for the
> number is wrong.
>
> I.e. A.1. ffdhe2048 says:
>
>    The modulus is: p = 2^2048 - 2^1984 + {[2^1918 * e] + 560315 } * 2^64
>    - 1
>
> but that does not match the hex number; there is an off-by-one error. The
> number 560315 should be 560316 instead.

Yikes, I can confirm this.

Thanks to Tero for verifying the formulas as well as the hex numbers.
It appears I had rounded instead of flooring when computing ffdhe2048,
how embarrassing.  I plan to submit -08, which will have this piece
corrected, when I get back on-network.

> I also put all the primo primality proof certificates on my web page
> (along with the IKE primality certificates):
> https://kivinen.iki.fi/primes/ 

I've also calculated primo primality proofs and placed them here:

 https://dkg.fifthhorseman.net/ffdhe-primality-proofs/

Regards,

        --dkg
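An added worked example, written for this archive page and not code from Tero, dkg or the draft: it recomputes the ffdhe2048 modulus from the formula with Python's decimal module, shows that reading [2^1918 * e] as round-half-up with the -07 constant 560315 yields exactly the same p as floor with 560316 (the off-by-one dkg describes), and runs a Miller-Rabin sanity check on p and q = (p-1)/2. The Miller-Rabin pass is only a check, not a proof; the Primo certificates linked above are the proofs. Function and constant names are this example's own; the fact that the ffdhe groups are safe primes comes from the draft's construction, not from the thread.

```python
"""Recompute the ffdhe2048 modulus of draft-ietf-tls-negotiated-ff-dhe from
its formula and show how "rounding instead of flooring" [2^1918 * e]
produces exactly the off-by-one in the constant (560315 vs 560316)."""
from decimal import Decimal, getcontext

E_BITS = 1918             # the formula scales e by 2^1918
P_BITS = 2048
FLOOR_CONSTANT = 560316   # correct constant when [.] means floor (the -08 text)
ROUND_CONSTANT = 560315   # constant printed in -07; only consistent if [.] rounds


def scaled_e(bits: int = E_BITS, digits: int = 1000) -> Decimal:
    """Return 2^bits * e with `digits` significant decimal digits.

    2^1918 has 578 decimal digits, so 1000 digits leaves ~420 digits of
    fraction, far more than needed to decide floor vs. round safely.
    """
    getcontext().prec = digits
    return Decimal(2) ** bits * Decimal(1).exp()


def floor_scaled_e(bits: int = E_BITS) -> int:
    """[2^bits * e] with [.] = floor (int() truncates, which is floor for positives)."""
    return int(scaled_e(bits))


def round_scaled_e(bits: int = E_BITS) -> int:
    """[2^bits * e] with [.] = round-half-up, i.e. the mistake made for -07."""
    return int(scaled_e(bits) + Decimal("0.5"))


def fractional_part_above_half() -> bool:
    """True when frac(2^1918 * e) > 1/2, the condition under which round = floor + 1."""
    x = scaled_e()
    return x - int(x) > Decimal("0.5")


def ffdhe_modulus(bits: int, e_bits: int, constant: int, bracket=floor_scaled_e) -> int:
    """p = 2^bits - 2^(bits-64) + {[2^e_bits * e] + constant} * 2^64 - 1."""
    return 2 ** bits - 2 ** (bits - 64) + (bracket(e_bits) + constant) * 2 ** 64 - 1


def is_probable_prime(n: int, bases=(2, 3, 5, 7, 11, 13)) -> bool:
    """Miller-Rabin with fixed bases: a sanity check only, not a primality proof."""
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def check_ffdhe2048() -> dict:
    """Build p both ways and report the properties a reviewer would look at."""
    p_floor = ffdhe_modulus(P_BITS, E_BITS, FLOOR_CONSTANT)                  # corrected formula
    p_round = ffdhe_modulus(P_BITS, E_BITS, ROUND_CONSTANT, round_scaled_e)  # how -07's hex arose
    q = (p_floor - 1) // 2   # the ffdhe groups are safe primes, so q must be prime too
    return {
        "same_modulus": p_floor == p_round,
        "round_minus_floor": round_scaled_e() - floor_scaled_e(),
        "bit_length": p_floor.bit_length(),
        "top_96_bits_hex": f"{p_floor >> (P_BITS - 96):x}",
        "low_64_bits_all_ones": p_floor & (2 ** 64 - 1) == 2 ** 64 - 1,
        "p_probable_prime": is_probable_prime(p_floor),
        "q_probable_prime": is_probable_prime(q),
        "floor_stable_at_higher_precision": int(scaled_e(digits=1400)) == floor_scaled_e(),
    }


if __name__ == "__main__":
    for key, value in check_ffdhe2048().items():
        print(f"{key}: {value}")
```

The two constructions agree because frac(2^1918 * e) is above one half, so rounding adds exactly one to the bracket term; the check recomputes the floor at a higher precision to rule out a borderline fractional part, and the top 64 and bottom 64 bits of p come out all ones as the formula's 2^2048 - 2^1984 and the trailing - 1 require.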