ietf-openpgp

Re: [openpgp] Deriving an OpenPGP secret key from a human readable seed

2019-10-18 22:51:13
Carrying on after Gmail sent the message before I wanted to...

On Fri, Oct 18, 2019 at 11:40 PM Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> wrote:

Someone just said we need a spec. Here is a spec:
https://www.ietf.org/id/draft-hallambaker-mesh-udf-07.txt

It is in the new format which is intended to be read as HTML. Until the
tools catch up, you can read it here:
http://mathmesh.com/Documents/draft-hallambaker-mesh-udf.html

The draft does not specify the value of e, which it should, but I am pretty
sure we have standardized on 65537. I see no reference to p being greater
than q, and it is a mystery to me why we would care when the RSA parameters
are the modulus and the private exponent d. Knowledge of p and q is only
used to determine d, they are not req


As I was saying, I am not aware of a requirement to know p or q after d is
calculated, let alone sort them. There are requirements to do with co-primes
being of particular lengths. But NIST states these are optional, so I am
thinking of simply saying that to generate a key pair you use the
derivation mechanism specified until you arrive at a pair you like.

Given the density of prime numbers and given that the smallest keys we are
using are 1024 bits, the work factor for any schemes based on guessing the
prime parameters is going to be above 2^1000, which is more than a googol.

I did not bother with DSA. But that could be added. It has serious problems
at this point and is probably just better deprecated.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
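
Added example, not part of the original message and not code from the UDF draft: a deterministic RSA derivation in Python that retries a seeded candidate stream until it reaches an acceptable prime pair, as the message describes, with e fixed at 65537. The HMAC-SHA-256 counter-mode expansion, the labels `rsa-p` and `rsa-q`, the fixed Miller-Rabin bases and all function names are assumptions made for illustration; the draft defines its own derivation.

```python
import hashlib, hmac
from math import gcd
E = 65537  # public exponent named in the message
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53)

def expand(seed: bytes, label: bytes, counter: int, nbytes: int) -> bytes:
    """Assumed KDF: HMAC-SHA-256 in counter mode (not the draft's construction)."""
    out, block = b"", 0
    while len(out) < nbytes:
        msg = label + counter.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hmac.new(seed, msg, hashlib.sha256).digest()
        block += 1
    return out[:nbytes]

def is_probable_prime(n: int) -> bool:
    """Trial division, then Miller-Rabin with fixed bases so runs are reproducible."""
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # base a is a witness that n is composite
    return True

def derive_prime(seed: bytes, label: bytes, bits: int) -> int:
    """Try counter = 0, 1, 2, ... until the candidate is prime and p-1 is coprime to E."""
    counter = 0
    while True:
        raw = int.from_bytes(expand(seed, label, counter, bits // 8), "big")
        cand = raw | (0b11 << (bits - 2)) | 1  # force top two bits and oddness
        if is_probable_prime(cand) and gcd(cand - 1, E) == 1:
            return cand
        counter += 1

def derive_rsa(seed: bytes, bits: int = 1024):  # returns (n, e, d, p, q)
    p = derive_prime(seed, b"rsa-p", bits // 2)
    q = derive_prime(seed, b"rsa-q", bits // 2)
    d = pow(E, -1, (p - 1) * (q - 1))  # same d whichever prime is called p
    return p * q, E, d, p, q
```

Setting the top two bits of each prime guarantees the modulus has exactly the requested bit length, so the same seed always yields the same full-size key.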