
Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method



On Sat, Sep 5, 2015 at 7:07 AM, Georgi Guninski <[email protected]> wrote:
> On Sat, Sep 05, 2015 at 06:37:09AM +0000, Alfonso De Gregorio wrote:
>>
>> (*) It would be interesting to look at the story of RFC-2631, as
>> Bernstein, Lange, and Niederhagen did for the Dual EC standard
>> https://projectbullrun.org/dual-ec/
>>
>
> 2631 is on wikipedia's page for DH.

Sure, the questions are: What is the origin of the current wording of
the standard, that opens an avenue for lax checks for group
parameters? Or, if, as you correctly pointed out, an implementation
MAY NOT check group parameters, which entity deserves credit for it?

Interestingly, a review of revisions (using rfcdiff) shows that the
current wording was introduced in draft #1 of draft-ietf-smime-x942
https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-smime-x942-01.txt.
This is dated October 1998. Yet, it is still not clear if the diff is
to be attributed to Rescorla, or any other contributor to this
standardization effort.

Cheers,

-- Alfonso
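The "lax checks" at issue are the two validation steps RFC 2631 leaves optional: group parameter validation (the p = jq + 1 structure of sections 2.2.1/2.2.2) and public key validation (section 2.1.5, y in [2, p-1] and y^q mod p == 1). As an added illustration that is not part of the thread or of any RFC text, here is what an implementation that does perform those checks looks like. The function names are my own, and the toy group (p=23, q=11, j=2, g=2) is constructed for the example; it is far below the sizes the RFC requires (q of at least 160 bits), which is why the toy calls pass min_q_bits=0.

```python
"""Optional DH validation steps from RFC 2631, written out as an illustration.

Group parameter validation (sections 2.2.1/2.2.2) and public key validation
(section 2.1.5) are "MAY" requirements in the RFC. Function names are this
example's own; the toy group p=23, q=11, j=2, g=2 is constructed and is only
meant to make the arithmetic visible.
"""

# Fixed Miller-Rabin bases: deterministic for n below roughly 3.3e24.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin primality test with the fixed base set above."""
    if n < 2:
        return False
    for a in SMALL_PRIMES:
        if n == a:
            return True
        if n % a == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_group_parameters(p, q, g, j=None, min_q_bits=160):
    """Return (ok, reason) for an X9.42-style group (p, q, g), optional cofactor j.

    Checks: q prime and long enough, p prime, q divides p-1 (p = jq + 1 when
    j is supplied), g in [2, p-2], and g^q mod p == 1, i.e. g generates the
    order-q subgroup rather than something of another order.
    """
    if not is_probable_prime(q):
        return False, "q is not prime"
    if q.bit_length() < min_q_bits:
        return False, "q is shorter than %d bits" % min_q_bits
    if not is_probable_prime(p):
        return False, "p is not prime"
    if (p - 1) % q != 0:
        return False, "q does not divide p-1"
    if j is not None and p != j * q + 1:
        return False, "p != jq + 1 (cofactor j does not match)"
    if not 2 <= g <= p - 2:
        return False, "g out of range"
    if pow(g, q, p) != 1:
        return False, "g does not have order q"
    return True, "ok"


def validate_public_key(y, p, q):
    """RFC 2631 section 2.1.5: y in [2, p-1] and y^q mod p == 1."""
    if not 2 <= y <= p - 1:
        return False, "y out of range"
    if pow(y, q, p) != 1:
        return False, "y is not in the order-q subgroup"
    return True, "ok"


def shared_secret(x_priv, y_peer, p, q):
    """ZZ = y_peer^x_priv mod p, refusing a peer key that fails validation."""
    ok, reason = validate_public_key(y_peer, p, q)
    if not ok:
        raise ValueError("rejecting peer public key: " + reason)
    return pow(y_peer, x_priv, p)


if __name__ == "__main__":
    P, Q, J, G = 23, 11, 2, 2  # constructed toy group, not a real parameter set
    print("group:", validate_group_parameters(P, Q, G, J, min_q_bits=0))
    print("bad g:", validate_group_parameters(P, Q, 5, J, min_q_bits=0))  # 5 has order 22
    for y in (4, 22, 1):  # 4 is in the order-11 subgroup; 22 = -1 has order 2; 1 is out of range
        print("y =", y, validate_public_key(y, P, Q))
    print("ZZ:", shared_secret(3, 4, P, Q))
```

The point the checks make concrete: with p=23 and q=11, the value 22 (that is, -1 mod p) is a perfectly valid-looking integer in range, but y^q mod p comes out as 22, not 1, so it is outside the intended subgroup and the shared-secret computation refuses it. An implementation that exercises the RFC's option to skip these checks would compute ZZ from it anyway.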