[12725] in cryptography@c2.net mail archive
Re: Proven Primes
daemon@ATHENA.MIT.EDU (Ben Laurie)
Mon Mar 10 11:35:03 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
Date: Mon, 10 Mar 2003 15:48:25 +0000
From: Ben Laurie <ben@algroup.co.uk>
To: Tero Kivinen <kivinen@iki.fi>
Cc: Jack Lloyd <lloyd@acm.jhu.edu>,
Cryptography <cryptography@wasabisystems.com>
In-Reply-To: <15980.42540.83824.229768@fireball.acr.fi>
Tero Kivinen wrote:
> Ben Laurie writes:
>
>>Jack Lloyd wrote:
>>
>>>Check RFC 2412, draft-ietf-ipsec-ikev2-05.txt, and
>>>draft-ietf-ipsec-ike-modp-groups-05.txt
>>>However, I don't seen any primality proof certificates included in the
>>>texts.
>
>
> I considered adding the ecpp certificates to
> draft-ietf-ipsec-ike-modp-groups document, but as the certificates are
> several magabytes in total, there is no point of adding them to this
> kind of document (the document would be several hundred pages long
> consisting only numbers...).
>
>
>>RFC 2412 looks good, however, as you say, no certificates are included,
>>nor is it made clear that (p-1)/2 has been proven.
>>I-Ds are less useful to me, since I can't give a long-term reference for
>>them :-(
>
>
> The draft-ietf-ipsec-ike-modp-groups used to have pointer to the ftp
> site having the certificates
> (ftp://ftp.ssh.fi/pub/ietf/ecpp-certificates), but that was removed
> during the IESG review, because url references are not stable enough
> in general (the ftp://ftp.ssh.fi/pub/ietf/ecpp-certificates site is
> supposed to be there forever).
>
> That site also includes certificates of modp groups from the RFC 2412
> (and (p-1)/2 also).
Thanks.
> I actually just finished finding the 16384 bit Diffie-Helman group
> with same kind of parameters. It took about 9.5 months to generate.
> The 12288 bit group took only about 15 days to generate.
I have to admit to surprise at the time involved - what s/w are you
using to do the generating?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
