Re: [TLS] MODP group modulus derivation [was: Re: I can has SHA-1 hashes for RFC 2409/3526 MODP groups?]

Jeffrey Hutzelman <jhutz@cmu.edu> Wed, 12 March 2014 17:20 UTC

Message-ID: <1394644793.23530.30.camel@destiny.pc.cs.cmu.edu>
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Date: Wed, 12 Mar 2014 13:19:53 -0400
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C737238A20F@uxcn10-6.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C737238A20F@uxcn10-6.UoA.auckland.ac.nz>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/PnAOrgHikjTqSO9nKmdLh38vy2c
Cc: "ietf-ssh@netbsd.org" <ietf-ssh@NetBSD.org>, "<tls@ietf.org>" <tls@ietf.org>, jhutz@cmu.edu
Subject: Re: [TLS] MODP group modulus derivation [was: Re: I can has SHA-1 hashes for RFC 2409/3526 MODP groups?]

On Wed, 2014-03-12 at 00:25 +0000, Peter Gutmann wrote:

> This is from an early Oakley draft draft-ietf-ipsec-isakmp-oakley-03.txt that
> references another Oakley draft draft-ietf-ipsec-oakley-01.txt which, however,
> doesn't actually contain the text quoted above.  So I guess the reference
> would be [Citation needed ^ 2] or [Apocryphal ^ 2].

Actually, that text _does_ appear in RFC2412, in the introduction to
appendix E, where the first five well-known groups are defined.  The
groups defined in RFC3526 have the same structure, but while that
document does make reference to RFC2412, it does not actually claim the
same method was used to select them.  This should be relatively easy to
verify, however.

The MODP groups given in RFC5114 are taken from DSS and NIST SP-800-56A,
and do not have this same structure.  The RFC has nothing to say on how
they were selected, and my recollection from the last time I looked was
that the NIST publications don't say anything either.

-- Jeff
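The structural claim above can be checked directly: the RFC 2412 Appendix E recipe is p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + k), and the groups in RFC 2409 and RFC 3526 are published with their k values. The script below is an added example (not from this message or the RFCs) that rebuilds the 768-, 1024- and 2048-bit moduli from that recipe using only the Python standard library and confirms the properties a reviewer would want: 64 one-bits at each end, p and (p-1)/2 both prime, and g=2 landing in the order-q subgroup. The k constants are assumed to be as published (RFC 2409 sections 6.1/6.2 and RFC 3526 section 3).

```python
def pi_floor_bits(bits: int) -> int:
    """floor(pi * 2**bits) via Machin's formula in integer arithmetic (64 guard bits)."""
    guard = 64
    one = 1 << (bits + guard)

    def arctan_inv(x: int) -> int:  # arctan(1/x) scaled by `one`, alternating series
        total, term, n, sign = 0, one // x, 1, 1
        while term:
            total += sign * (term // n)
            term, n, sign = term // (x * x), n + 2, -sign
        return total

    return (16 * arctan_inv(5) - 4 * arctan_inv(239)) >> guard

def oakley_modulus(n: int, k: int) -> int:
    """p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + k), RFC 2412 Appendix E."""
    return (1 << n) - (1 << (n - 64)) - 1 + (1 << 64) * (pi_floor_bits(n - 130) + k)

def is_probable_prime(n: int, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)) -> bool:
    """Miller-Rabin with fixed bases; ample for confirming a published group."""
    if n < 40:  # the bases are exactly the primes below 40
        return n in bases
    d = n - 1
    r = (d & -d).bit_length() - 1  # trailing zero bits of n-1
    d >>= r
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def check_modp_group(n: int, k: int) -> dict:
    """Structure checks: bit length, 64 one-bits at both ends, safe prime, 2 has order q."""
    p = oakley_modulus(n, k)
    ones64 = (1 << 64) - 1
    return {
        "bits": p.bit_length(),
        "top64_ones": p >> (n - 64) == ones64,
        "low64_ones": p & ones64 == ones64,
        "safe_prime": is_probable_prime(p) and is_probable_prime((p - 1) // 2),
        "g2_in_subgroup": pow(2, (p - 1) // 2, p) == 1,  # Euler's criterion, p = 7 mod 8
    }
# k as published (assumed): RFC 2409 sec. 6.1 / 6.2 (768, 1024 bits), RFC 3526 sec. 3 (2048 bits)
MODP_GROUPS = {768: 149686, 1024: 129093, 2048: 124476}
```

Running `check_modp_group(n, k)` for each entry of `MODP_GROUPS` should report every property as True; a group that fails the safe-prime or subgroup check does not follow the Appendix E construction.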