- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Fri, 22 May 2015 20:48:58 +1200
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

The end of Section 4.2 states:

"
Specifications that rely on an Diffie-Hellman exchange for determining input keying material MUST either specify the parameters for Diffie-Hellman (group parameters, or curves and point format) that are used, or describe how those parameters are negotiated between sender and receiver.
"

As has been seen with IKEv1, having a specification determine explicit parameters leads directly to it becoming vulnerable when that parameter group is broken. See <https://weakdh.org/>

I believe that should be changed to remove the requirement to specify an exact group.

New text:

"
Specifications that rely on an Diffie-Hellman exchange for determining input keying material MUST specify how the parameters for Diffie-Hellman (group parameters, or curves and point format) that are negotiated between sender and receiver.
"

Security Considerations should probably also be updated to mention the possibility of a Logjam attack against weak parameter groups.

Amos

Received on Friday, 22 May 2015 08:49:36 UTC