Re: draft-thomson-http-encryption-00 - Logjam

On Fri, May 22, 2015 at 08:48:58PM +1200, Amos Jeffries wrote:
> The end of Section 4.2 states:
> "
>    Specifications that rely on an Diffie-Hellman exchange for
>    determining input keying material MUST either specify the parameters
>    for Diffie-Hellman (group parameters, or curves and point format)
>    that are used, or describe how those parameters are negotiated
>    between sender and receiver.
> "
> As has been seen with IKEv1. Having a specification determine explicit
> parameters leads directly to it becoming vulnerable when that parameter
> group is broken. see <>
> I believe that should be changed to remove the requirement to specify an
> exact group.

It would make more sense to me if group parameters/curves and point
formats were properties of the key.

It seems to me that using the same key with multiple parameters/curves
is asking for trouble.


Received on Friday, 22 May 2015 09:15:11 UTC