Re: [TLS] DH group validation
At Tue, 16 Oct 2007 22:10:11 +0300,
Nikos Mavrogiannopoulos wrote:
> On Tuesday 16 October 2007, Eric Rescorla wrote:
> > Looking at the (purported) group size is reasonable because it is
> > cheap to do, so that the client can detect if the server at least
> > pretends to use a certain security level.
>
> But of course then you need to define what a security level is and how it
> applies to DH key exchange.

I don't see that this follows. The current text simply leaves the
decision to the client, which seems to do the job:

    The client SHOULD also
    verify that the DH public exponent appears to be of adequate size.

-Ekr