Great, clear benefits to having a separate AAA server. So that's
the reason to neuter technology?
What you're talking about is a deployment issue and that really isn't
any of our business.
Dan.
On Thu, March 25, 2010 10:06 pm, Yaron Sheffer wrote:
> As I mentioned in my previous mail, the
Hi Yaron
Thank you for your clarification.
> "between gateways" as opposed to
> "between clients and gateways". So your assertion is correct.
(Between gateways, administrators can set long secrets, so the necessity of
PAKE seems smaller than between clients and gateways where passwords are
recor
Telling administrators what they can and cannot do is really not
the function of our standards body. If someone wants to use a
"long secret" or a password to authenticate gateways, hosts, clients,
peers, or implementations (or whatever you want to call the box) it's
none of our business. We shou
Hi,
I am looking to implement modp groups 22, 23, and 24 into IKE but have a
question.
RFC 5114 gives the prime, p, the generator, g and a subgroup, q, with a
specific size...
Because prior RFCs for modp groups did not specify a "q", I was not sure
if this was a new constant or just stating a s
Hi Joy
When one uses a subgroup as defined in RFC 5114, q (and (p-1)/2q ) must be
chosen carefully.
Precisely:
1. q must be a prime number of 2k or more bits where k is a security parameter.
2. q must be a divisor of ((p - 1) / 2).
3. All factors of (p - 1) / (2q) must also be primes compara
Hi Joy,
"q" is the order of the group defined by the "g". If you want to use
the FIPS 186-3 process for generating a D-H key pair with the other MODP
groups that don't have a defined order (like 5, 14, 15, 16...) you can
just use (p-1/2) for the value "q".
There are going to be q distinct
> -Original Message-
> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf
> Of Joy Latten
> Sent: Friday, March 26, 2010 5:25 PM
> To: mlepin...@bbn.com; k...@bbn.com
> Cc: ipsec@ietf.org; avaga...@redhat.com
> Subject: [IPsec] Question about RFC 5114
>
> Hi,
>
> I a