[Ach] DH Groups in VPN section

L. Aaron Kaplan kaplan at cert.at
Tue Dec 17 13:27:07 CET 2013


On Dec 17, 2013, at 1:22 PM, Aaron Zauner <azet at azet.org> wrote:

> The table now states:
> 
> Group 14–18, 19–21
> 
> and
> 
> Group 14–21
> 
> This includes (NIST) EC groups. Do we want that in a VPN? Probably not.
> 
> I’d rather put Group 14, 21 there explicitly. I’ll change that. 
> 

I'd say: 

Leave them in there but mark them as  NIST curves and refer to the section on ECC which discusses the issues with NIST curves.



> Aaron
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach

--- 
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// Eine Initiative der nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131217/517459b5/attachment.sig>


More information about the Ach mailing list