[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: xxx-draft-spec-for-TLS-normalization.txt
- To: or-dev@xxxxxxxxxxxxx
- Subject: Re: xxx-draft-spec-for-TLS-normalization.txt
- From: Mansour Moufid <mansourmoufid@xxxxxxxxx>
- Date: Wed, 26 Jan 2011 17:10:10 -0500
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-dev-outgoing@xxxxxxxx
- Delivered-to: or-dev@xxxxxxxx
- Delivery-date: Wed, 26 Jan 2011 17:10:37 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=Os7q8hwlMoMUYoeqHmMdwRc7EfkSK4Mn+TIFq7KmYfo=; b=mIg5kjZxMPRbZbe0jlgW0v6iCSlO8DC/bBn65Rrd4RvAiG1ZxYeXKsAwsX39jydQ/q h4NFgtJf400hWYtzLfL2r4/6KQ8IVi8KJoHiB0alrq/ITZduQT5ce0ei4YD4zxZeEJgs OeTweOCeHqgbdLBr/qgSjEnI1Kkh5h/AK3INk=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; b=SFpH/E9vTxcC8tbMSGsI5bJgbEMUcrXRqz/S1yfrieqG/8pZWHcGRuIFQTUpa0jR7f rzOv7gX5GiXTwqLB1tJvJ+6+CeC3Ep3WjhfrGqZfuUKacC1Q1PvnhkSoEbY7fpQvumQQ jyYq8U3U+zjGZrW0R3dW/Oz53N+96EhcKg88Y=
- In-reply-to: <4D409534.3080302@xxxxxxxxxxxxx>
- References: <4D409534.3080302@xxxxxxxxxxxxx>
- Reply-to: or-dev@xxxxxxxxxxxxx
- Sender: owner-or-dev@xxxxxxxxxxxxx
> As a security precaution, care must be taken to ensure that we do not generate
> weak primes or known filtered primes. Both weak and filtered primes will
> undermine the TLS connection security properties. OpenSSH solves this issue
> dynamically in RFC 4419 [2] and may provide a solution that works reasonably
> well for Tor. More research in this area including Miller-Rabin primality tests
> will need to be analyzed and probably added to Tor.
RFC 4419 suggests the Miller-Rabin test because it is efficient and
well-known. Perhaps Tor could use the AKS primality test, which is
also efficient, and deterministic.