[Ach] DH Groups in VPN section

christian mock cm at coretec.at
Tue Dec 17 17:15:41 CET 2013


On Tue, Dec 17, 2013 at 01:22:09PM +0100, Aaron Zauner wrote:
> The table now states:
> 
> Group 14–18, 19–21
> 
> and
> 
> Group 14–21
> 
> This includes (NIST) EC groups. 

It originally had a footnote stating so, but that didn't show up in
the table/tabular environment, so I dropped it.

> Do we want that in a VPN? Probably not.

I think we'd rather have the reader choose and warn them.

> I’d rather put Group 14, 21 there explicitly. I’ll change that. 

Note that it said "14-18" and not "14,18":

14: 2048-bit MODP Group
15: 3072-bit MODP Group
16: 4096-bit MODP Group
17: 6144-bit MODP Group
18: 8192-bit MODP Group

So I suggest we either put in one group that fits the config A/B
(which group would that be? do we go into detail WRT DH parameter
sizes in the configs?), or all of them.

cm.

-- 
Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z
