ipsec November 2007 archive
Main Archive Page > Month Archives  > ipsec archives
ipsec: [IPsec] Fwd: Document Action: 'Additional Diffie-Hellman

[IPsec] Fwd: Document Action: 'Additional Diffie-Hellman Groups for use with IETF Standards' to Informational RFC

From: Paul Hoffman <paul.hoffman_at_nospam>
Date: Mon Nov 19 2007 - 23:23:13 GMT
To: ipsec@ietf.org, ietf-smime@imc.org, tls@ietf.org

>The IESG has approved the following document:
>- 'Additional Diffie-Hellman Groups for use with IETF Standards '
> <draft-lepinski-dh-groups-03.txt> as an Informational RFC
>This document has been reviewed in the IETF but is not the product of an
>IETF Working Group.
>The IESG contact person is Tim Polk.
>A URL of this Internet-Draft is:
>Technical Summary
>This document specifies (eight) Diffie-Hellman groups for use with
>security protocols developed by five different IETF WGs (IPsec, PKIX,
>S/MIME, SSH, SSL, and TLS). The specified groups include three
>modular exponentiation groups and five elliptic curve groups. Several
>of the Diffie-Hellman groups specified in this draft are already
>defined in WG-specific RFCs (e.g., RFC 3526 and RFC 4753) and I-Ds,
>but without the test data provided here. The group definitions and
>test data are derived from a NIST document that is available only
>on the NIST web site as a PDF. This draft translates the parameter
>terminology from the with NIST document into a form consistent with
>RFCs that define Diffie-Hellman groups (in protocol-specific contexts),
>and removes extraneous test data that would not be relevant to IETF
>Working Group Summary
>This document was not the product of any working group, but has been
>reviewed by experts from several relevant wgs. Specifically, this
>incorporates comments from: Tero Kivinen, the designated
>approver of additional Diffie-Hellman groups for IKE; Sean
>Turner S/MIME WG co-chair; and Pasi Eronen (TLS WG co-chair). Steve
>Kent (PKIX co-chair) is a co-author of this document and he ensured
>that PKIX concerns were addressed. No input was solicited form the
>SSH WG co-chairs, as that protocol provides a trivial means of
>accommodating additional (mod p) Diffie-Hellman groups. SSH provides
>no means of accommodating Elliptic Curve Diffie-Hellman groups, and
>as a result, the document is silent on use of Elliptic Curve
>Diffie-Hellman groups with SSH. (There is an expired I-D that
>describes how to use Elliptic Curve Diffie-Hellman with SSH. If it
>is re-submitted and adopted by the SSH WG, it would be appropriate
>to amend this draft to include it as well.)
>Protocol Quality
>Tim Polk reviewed this specification for the IESG. Larry Bassham, who
>drafted the base NIST document, has also reviewed the specification.

IPsec mailing list