On Tue, 2010-04-06 at 12:54 -0400, Richard Barnes wrote:
> > Thanks so much for the detail. It has helped greatly.
> > I did take a look at NIST SP 800-56A section 5.6.2.4 for validating
> > the
> > public value. I am in learning mode, so I found the 2nd step
> > confusing...
> > 1. Verify that 2
Thanks so much for the detail. It has helped greatly.
I did take a look at NIST SP 800-56A section 5.6.2.4 for validating
the
public value. I am in learning mode, so I found the 2nd step
confusing...
1. Verify that 2 <= y <= p - 2
2. Verify that y^q = 1 (mod p)
Are the parenthesis around "mod
..@bbn.com
> > Cc: ipsec@ietf.org; avaga...@redhat.com
> > Subject: [IPsec] Question about RFC 5114
> >
> > Hi,
> >
> > I am looking to implement modp groups 22, 23, and 24 into IKE but have
> > a
> > question.
> >
> > RFC 5114 gives t
, 2010 6:25 AM
> > To: mlepin...@bbn.com; k...@bbn.com
> > Cc: ipsec@ietf.org; avaga...@redhat.com
> > Subject: [IPsec] Question about RFC 5114
> >
> > Hi,
> >
> > I am looking to implement modp groups 22, 23, and 24 into IKE but
> have a
> > question.
>
Behalf Of
> Joy Latten
> Sent: Saturday, March 27, 2010 6:25 AM
> To: mlepin...@bbn.com; k...@bbn.com
> Cc: ipsec@ietf.org; avaga...@redhat.com
> Subject: [IPsec] Question about RFC 5114
>
> Hi,
>
> I am looking to implement modp groups 22, 23, and 24 into IKE but have
> -Original Message-
> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf
> Of Joy Latten
> Sent: Friday, March 26, 2010 5:25 PM
> To: mlepin...@bbn.com; k...@bbn.com
> Cc: ipsec@ietf.org; avaga...@redhat.com
> Subject: [IPsec] Question about RFC
Hi Joy,
"q" is the order of the group defined by the "g". If you want to use
the FIPS 186-3 process for generating a D-H key pair with the other MODP
groups that don't have a defined order (like 5, 14, 15, 16...) you can
just use (p-1/2) for the value "q".
There are going to be q distinct
Behalf Of
> Joy Latten
> Sent: Saturday, March 27, 2010 6:25 AM
> To: mlepin...@bbn.com; k...@bbn.com
> Cc: ipsec@ietf.org; avaga...@redhat.com
> Subject: [IPsec] Question about RFC 5114
>
> Hi,
>
> I am looking to implement modp groups 22, 23, and 24 into IKE but have
Hi,
I am looking to implement modp groups 22, 23, and 24 into IKE but have a
question.
RFC 5114 gives the prime, p, the generator, g and a subgroup, q, with a
specific size...
Because prior rfcs for modp groups did not specify a "q", I was not sure
if this was a new constant or just stating a s
