Additional Diffie-Hellman Groups for Use with IETF Standards
RFC 5114
| Document | Type |
RFC - Informational
(January 2008; No errata)
Was draft-lepinski-dh-groups (individual in sec area)
|
|
|---|---|---|---|
| Authors | Matt Lepinski , Stephen Kent | ||
| Last updated | 2018-12-20 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Reviews | |||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 5114 (Informational) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Tim Polk | ||
| Send notices to | (None) | ||
Network Working Group M. Lepinski
Request for Comments: 5114 S. Kent
Category: Informational BBN Technologies
January 2008
Additional Diffie-Hellman Groups for Use with IETF Standards
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Abstract
This document describes eight Diffie-Hellman groups that can be used
in conjunction with IETF protocols to provide security for Internet
communications. The groups allow implementers to use the same groups
with a variety of security protocols, e.g., SMIME, Secure SHell
(SSH), Transport Layer Security (TLS), and Internet Key Exchange
(IKE).
All of these groups comply in form and structure with relevant
standards from ISO, ANSI, NIST, and the IEEE. These groups are
compatible with all IETF standards that make use of Diffie-Hellman or
Elliptic Curve Diffie-Hellman cryptography.
These groups and the associated test data are defined by NIST on
their web site [EX80056A], but have not yet (as of this writing) been
published in a formal NIST document. Publication of these groups and
associated test data, as well as describing how to use Diffie-Hellman
and Elliptic Curve Diffie-Hellman for key agreement in all of the
protocols cited below, in one RFC, will facilitate development of
interoperable implementations and support the Federal Information
Processing Standard (FIPS) validation of implementations that make
use of these groups.
Lepinski & Kent Informational [Page 1]
RFC 5114 Additional Diffie-Hellman Groups January 2008
Table of Contents
1. Introduction ....................................................2
2. Additional Diffie-Hellman Groups ................................4
2.1. 1024-bit MODP Group with 160-bit Prime Order Subgroup ......4
2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup ......4
2.3. 2048-bit MODP Group with 256-bit Prime Order Subgroup ......5
2.4. 192-bit Random ECP Group ...................................6
2.5. 224-bit Random ECP Group ...................................7
2.6. 256-bit Random ECP Group ...................................7
2.7. 384-bit Random ECP Group ...................................8
2.8. 521-bit Random ECP Group ...................................9
3. Using These Groups with IETF Standards ..........................9
3.1. X.509 Certificates .........................................9
3.2. IKE .......................................................10
3.3. TLS .......................................................10
3.4. SSH .......................................................11
3.5. SMIME .....................................................11
4. Security Considerations ........................................12
5. IANA Considerations ............................................13
6. Acknowledgments ................................................13
Appendix A: Test Data .............................................14
A.1. 1024-bit MODP Group with 160-bit Prime Order Subgroup......15
A.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup......15
A.3. 2048-bit MODP Group with 256-bit Prime Order Subgroup......16
A.4. 192-bit Random ECP Group ..................................17
A.5. 224-bit Random ECP Group ..................................18
A.6. 256-bit Random ECP Group ..................................18
A.7. 384-bit Random ECP Group ..................................19
A.8. 521-bit Random ECP Group ..................................19
Normative References ..............................................20
Informative References ............................................20
1. Introduction
This document provides parameters and test data for several
Diffie-Hellman (D-H) groups that can be used with IETF protocols that
employ D-H keys, (e.g., IKE, TLS, SSH, and SMIME) and with IETF
standards, such as Public Key Infrastructure for X.509 Certificates
(PKIX) (for certificates that carry D-H keys). These groups
complement others already documented for the IETF, including the
"Oakley" groups defined in RFC 2409 [RFC2409] for use with IKEv1, and
several additional D-H groups defined later, e.g., [RFC3526] and
[RFC4492].
Lepinski & Kent Informational [Page 2]
RFC 5114 Additional Diffie-Hellman Groups January 2008
The initial impetus for the definition of D-H groups (in the IETF)
arose in the IPsec (IKE) context, because of the use of an ephemeral,
Show full document text