oss-sec mailing list archives

Re: Prime example of a can of worms


From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Thu, 22 Oct 2015 18:55:06 -0400

On Thu 2015-10-22 01:09:16 -0400, Kurt Seifried wrote:
> Having a large pool of known good primes would be easier for them to use I
> suspect. Sadly we can't let perfect be the enemy of the good, or in this
> case the "not completely terrible".

a large pool of known-good primes doesn't help so much, particularly for
the embedded case -- peers that are offered a group need to be able to
easily verify that the group is strong.  embedded devices simply aren't
going to carry around a large list of well-vetted primes of short
length, but we could *maybe* convince them to carry around a shorter
list of well-vetted strong primes.

I'd rather see us increase the security margin for a set of well-vetted
standard groups than ask people to make implementations that can't
determine whether they're in a reasonable group or not.

     --dkg

