Proven Primes

[Tero Kivinen]

Ben Laurie writes:
> Jack Lloyd wrote:
> > Check RFC 2412, draft-ietf-ipsec-ikev2-05.txt, and
> > draft-ietf-ipsec-ike-modp-groups-05.txt
> > However, I don't seen any primality proof certificates included in the
> > texts.

I considered adding the ecpp certificates to
draft-ietf-ipsec-ike-modp-groups document, but as the certificates are
several magabytes in total, there is no point of adding them to this
kind of document (the document would be several hundred pages long
consisting only numbers...). 

> RFC 2412 looks good, however, as you say, no certificates are included, 
> nor is it made clear that (p-1)/2 has been proven.
> I-Ds are less useful to me, since I can't give a long-term reference for 
> them :-(

The draft-ietf-ipsec-ike-modp-groups used to have pointer to the ftp
site having the certificates
(ftp://ftp.ssh.fi/pub/ietf/ecpp-certificates), but that was removed
during the IESG review, because url references are not stable enough
in general (the ftp://ftp.ssh.fi/pub/ietf/ecpp-certificates site is
supposed to be there forever).

That site also includes certificates of modp groups from the RFC 2412
(and (p-1)/2 also).

I actually just finished finding the 16384 bit Diffie-Helman group
with same kind of parameters. It took about 9.5 months to generate.
The 12288 bit group took only about 15 days to generate.

Proving them will propably take even longer than generating them... 
-- 
kivinen at ssh.fi
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com