| < draft-lepinski-dh-groups-02.txt | draft-lepinski-dh-groups-03.txt > | |||
|---|---|---|---|---|
| Internet Draft M. Lepinski | Internet Draft M. Lepinski | |||
| Intended status: Informational S. Kent | Intended status: Informational S. Kent | |||
| Expires: May 2008 BBN Technologies | Expires: May 2008 BBN Technologies | |||
| November 5, 2007 | November 6, 2007 | |||
| Additional Diffie-Hellman Groups for use with IETF Standards | Additional Diffie-Hellman Groups for use with IETF Standards | |||
| draft-lepinski-dh-groups-02.txt | draft-lepinski-dh-groups-03.txt | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that | By submitting this Internet-Draft, each author represents that | |||
| any applicable patent or other IPR claims of which he or she is | any applicable patent or other IPR claims of which he or she is | |||
| aware have been or will be disclosed, and any of which he or she | aware have been or will be disclosed, and any of which he or she | |||
| becomes aware will be disclosed, in accordance with Section 6 of | becomes aware will be disclosed, in accordance with Section 6 of | |||
| BCP 79. | BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| skipping to change at page 10, line 32 ¶ | skipping to change at page 10, line 32 ¶ | |||
| keys (and associated parameters) in X.509 certificates is defined in | keys (and associated parameters) in X.509 certificates is defined in | |||
| [RFC3279]. The MODP groups defined above MUST be represented via the | [RFC3279]. The MODP groups defined above MUST be represented via the | |||
| syntax defined in Section 2.3.3, and the elliptic curve groups via | syntax defined in Section 2.3.3, and the elliptic curve groups via | |||
| the syntax defined in Section in 2.3.5 of that RFC. When a Diffie- | the syntax defined in Section in 2.3.5 of that RFC. When a Diffie- | |||
| Hellman public key is encoded in a certificate, if the KeyUsage | Hellman public key is encoded in a certificate, if the KeyUsage | |||
| extension is present, the keyAgreement bits MUST be asserted, and | extension is present, the keyAgreement bits MUST be asserted, and | |||
| encipherOnly or decipherOnly (but not both) MAY be asserted. | encipherOnly or decipherOnly (but not both) MAY be asserted. | |||
| 3.2. IKE | 3.2. IKE | |||
| Use of MODP Diffie-Hellman groups with IKEv2 is defined in [RFC4306]. | Use of MODP Diffie-Hellman groups with IKEv2 is defined in [RFC4306] | |||
| However, [RFC4306] does not specify the format of key exchange | and the use of MODP groups with IKEv1 is defined in [RFC2409]. | |||
| payloads and the derivation of shared keys for ECP Diffie-Hellman | However, in the case of ECP Diffie-Hellman groups, the format of | |||
| groups. For the ECP Diffie-Hellman groups defined in this document, | key exchange payloads and the derivation of a shared secret has | |||
| the key exchange payload format and shared key derivation procedure | thus far been specified on a group-by-group basis. For the ECP | |||
| specified in [RFC4753] MUST be used. For IKEv1, the use of both MODP | Diffie-Hellman groups defined in this document, the key exchange | |||
| and ECP Diffie-Hellman groups is specified in [RFC2409]. | payload format and shared key derivation procedure specified in | |||
| [RFC4753] MUST be used (with both IKEv2 and IKEv1). | ||||
| To enable use of these additional groups in IKE, it is required that | To enable use of these additional groups in IKE, it is required that | |||
| IANA update the registries of Diffie-Hellman groups (for both | IANA update the registries of Diffie-Hellman groups (for both | |||
| versions of IKE) to include five of the groups defined above (for | versions of IKE) to include five of the groups defined above (for | |||
| which no group numbers were previously assigned). Section 6 details | which no group numbers were previously assigned). Section 6 details | |||
| the required IANA actions. The following table provides the Transform | the required IANA actions. The following table provides the Transform | |||
| IDs of each of the Diffie-Hellman groups as registered in both [IANA- | IDs of each of the Diffie-Hellman groups as registered in both [IANA- | |||
| IKE] and [IANA-IKE2]. | IKE] and [IANA-IKE2]. | |||
| NAME | NUMBER | NAME | NUMBER | |||
| End of changes. 3 change blocks. | ||||
| 9 lines changed or deleted | 10 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||