I appreciate the update and on how LogJam impacts F5s. However, I'd like to request that you expand on the statement "Our NATIVE cryptosystem uses custom groups for ephemeral key generation". Does this mean the same custom DH groups are used for every F5 device? Is it possible to generate new custom groups? Lastly, the LogJam paper also calls out that 1024bit DH groups are vulnerable to state sponsored actors and websites who include that in their threat model should be using 2048bit DH. Unfortunately, there is no mention of this in your article and seems to be consistently under played. I'd urge others who are concerned about the lack of greater than 1024bit DH in F5s to add their names to RFE 435231 - "RFE: LTM Support for higher-bit DH keys"
