Additional Diffie-Hellman Groups for Use with IETF Standards
RFC 5114
Document | Type |
RFC - Informational
(January 2008; No errata)
Was draft-lepinski-dh-groups (individual in sec area)
|
|
---|---|---|---|
Last updated | 2018-12-20 | ||
Stream | IETF | ||
Formats | plain text pdf htmlized bibtex | ||
Reviews | |||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 5114 (Informational) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Tim Polk | ||
Send notices to | (None) |
Network Working Group M. Lepinski Request for Comments: 5114 S. Kent Category: Informational BBN Technologies January 2008 Additional Diffie-Hellman Groups for Use with IETF Standards Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Abstract This document describes eight Diffie-Hellman groups that can be used in conjunction with IETF protocols to provide security for Internet communications. The groups allow implementers to use the same groups with a variety of security protocols, e.g., SMIME, Secure SHell (SSH), Transport Layer Security (TLS), and Internet Key Exchange (IKE). All of these groups comply in form and structure with relevant standards from ISO, ANSI, NIST, and the IEEE. These groups are compatible with all IETF standards that make use of Diffie-Hellman or Elliptic Curve Diffie-Hellman cryptography. These groups and the associated test data are defined by NIST on their web site [EX80056A], but have not yet (as of this writing) been published in a formal NIST document. Publication of these groups and associated test data, as well as describing how to use Diffie-Hellman and Elliptic Curve Diffie-Hellman for key agreement in all of the protocols cited below, in one RFC, will facilitate development of interoperable implementations and support the Federal Information Processing Standard (FIPS) validation of implementations that make use of these groups. Lepinski & Kent Informational [Page 1] RFC 5114 Additional Diffie-Hellman Groups January 2008 Table of Contents 1. Introduction ....................................................2 2. Additional Diffie-Hellman Groups ................................4 2.1. 1024-bit MODP Group with 160-bit Prime Order Subgroup ......4 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup ......4 2.3. 2048-bit MODP Group with 256-bit Prime Order Subgroup ......5 2.4. 192-bit Random ECP Group ...................................6 2.5. 224-bit Random ECP Group ...................................7 2.6. 256-bit Random ECP Group ...................................7 2.7. 384-bit Random ECP Group ...................................8 2.8. 521-bit Random ECP Group ...................................9 3. Using These Groups with IETF Standards ..........................9 3.1. X.509 Certificates .........................................9 3.2. IKE .......................................................10 3.3. TLS .......................................................10 3.4. SSH .......................................................11 3.5. SMIME .....................................................11 4. Security Considerations ........................................12 5. IANA Considerations ............................................13 6. Acknowledgments ................................................13 Appendix A: Test Data .............................................14 A.1. 1024-bit MODP Group with 160-bit Prime Order Subgroup......15 A.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup......15 A.3. 2048-bit MODP Group with 256-bit Prime Order Subgroup......16 A.4. 192-bit Random ECP Group ..................................17 A.5. 224-bit Random ECP Group ..................................18 A.6. 256-bit Random ECP Group ..................................18 A.7. 384-bit Random ECP Group ..................................19 A.8. 521-bit Random ECP Group ..................................19 Normative References ..............................................20 Informative References ............................................20 1. Introduction This document provides parameters and test data for several Diffie-Hellman (D-H) groups that can be used with IETF protocols that employ D-H keys, (e.g., IKE, TLS, SSH, and SMIME) and with IETF standards, such as Public Key Infrastructure for X.509 Certificates (PKIX) (for certificates that carry D-H keys). These groups complement others already documented for the IETF, including the "Oakley" groups defined in RFC 2409 [RFC2409] for use with IKEv1, and several additional D-H groups defined later, e.g., [RFC3526] and [RFC4492]. Lepinski & Kent Informational [Page 2] RFC 5114 Additional Diffie-Hellman Groups January 2008 The initial impetus for the definition of D-H groups (in the IETF) arose in the IPsec (IKE) context, because of the use of an ephemeral,Show full document text