Re: [Ipsec-tools-devel] DH group 8

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Sun, 2005-02-06 at 10:31 +0100, Emmanuel Dreyfus wrote:
> Aidas Kasparas <a.k...@gm...> wrote:
>=20
> > I did not checked if we can find crypto code to implement these ECC=20
> > functions for integration. I don't know do we want this code integrated
> > into racoon.
>=20
> Why wouldn't we want interoperability with yet another implementation?
> What are the drawbacks of integrating that code?

IKE is already a stupidly complex protocol.  And the number of people in
the world who understand ECC is rather small.  The biggest risk with
more code is the added complexity and bugs.  Something like racoon
should be implemented very conservatively.

ECC (Elliptic Curve Cryptography) is a completely different family of
public key cryptography.  It's not a trivial thing to insert like a
larger group size for DH would be.  It's also not at all widely used.

Have fun (if at all possible),
--=20
The best we can hope for concerning the people at large is that they
be properly armed.  -- Alexander Hamilton
-- Eric Hopper (ho...@om...  http://www.omnifarious.org/~hopper)=
 --