[PATCH 42/43] Introduce negotiation for Diffie--Hellman groups.
Ian Jackson
ijackson at chiark.greenend.org.uk
Sun Apr 30 19:47:57 BST 2017
Mark Wooding writes ("[PATCH 42/43] Introduce negotiation for Diffie--Hellman groups."):
> The most significant one is that existing Secnets don't pay attention to
> the high 16 cap bits. To bring them into availability, we introduce a
> signalling system: the topmost bit indicates that the sender's DH group
> is explicitly advertised as cap bit. It this topmost bit is clear,
> there are two consequences:
Existing secnets do not understand the high cap bits as transforms
because: only bits 0-7 are reserved for the user; the user should not
use other bits. Only bits 8-15 are known transforms. So there cannot
be any known transforms in the other bits.
CAPAB_EXPLICIT_TRANSFORM_DH should be bit 15, not bit 31, so that
current secnets see that we are explicitly advertising all of our
transforms, even if none of our actual supported transforms are bits
0..14.
Ie, I think my previously discussed scheme was better.
Ian.
More information about the sgo-software-discuss
mailing list