Re: draft-thomson-http-encryption-00 - Logjam

On 22 May 2015 at 02:11, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> Personally, I think the paper goes too far towards
> recommending site-specific primes be used as we do have a
> real history of that causing issues in some implementations
> that omit checks on received values and other implementations
> that send bad values. (Don't have a reference to hand sorry.)

I agree.  Apparently reference [43] in the paper explains how to
construct prime groups that have hard-to-detect small subgroups.

[43] I. A. Semaev. Special prime numbers and discrete logs in finite
prime fields. Math. Comp., 71(237):363–377, Jan. 2002.

Received on Friday, 22 May 2015 16:52:42 UTC