Re: [Cfrg] big-endian short-Weierstrass please
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 29 January 2015 17:36 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FBA11A874B for <cfrg@ietfa.amsl.com>; Thu, 29 Jan 2015 09:36:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TJoKIomrK6d7 for <cfrg@ietfa.amsl.com>; Thu, 29 Jan 2015 09:36:23 -0800 (PST)
Received: from mail-lb0-x236.google.com (mail-lb0-x236.google.com [IPv6:2a00:1450:4010:c04::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAA7A1A8768 for <cfrg@irtf.org>; Thu, 29 Jan 2015 09:36:16 -0800 (PST)
Received: by mail-lb0-f182.google.com with SMTP id l4so30663021lbv.13 for <cfrg@irtf.org>; Thu, 29 Jan 2015 09:36:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=CwEmx0CiR+EEyf0vjvX1pQqIPxnkssizjzg1iml2dRc=; b=Kv0y+p+0iW6iIdc4Ho6cN2neOQ/6IhvhPhAqxUr5Ypa7uY+9jEJSd21oOrvsF5ZMVU fcPh2b4oFygXgiWjnz7jx+IBHnjof2X5ac6n5w4ba+a5KqIbjlorOkW+9mV54hV5Hpl7 jox82Ogejlrk0fopVhPPFFFoQLBxehkMnMVTbhpZvOTB+g01su7VfT5Fj1z+2HH7l7gq MgBip/krJFObdr8bTrWH0X0duzv/JTPFLWjjsOpu0ajPziN1Q/mATlKp5Y69sQ2OydOQ sNlnuqsNL1I8jbMwCpz6NKEpD2cW4CHNXchPWnmj6FTDXpVm5/bCGFW957HWVhSEqieR oazw==
MIME-Version: 1.0
X-Received: by 10.112.160.193 with SMTP id xm1mr2252538lbb.5.1422552975194; Thu, 29 Jan 2015 09:36:15 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.112.147.193 with HTTP; Thu, 29 Jan 2015 09:36:15 -0800 (PST)
In-Reply-To: <878ugleei5.fsf@alice.fifthhorseman.net>
References: <810C31990B57ED40B2062BA10D43FBF5D42BDA@XMB116CNC.rim.net> <87386ug2r7.fsf@alice.fifthhorseman.net> <810C31990B57ED40B2062BA10D43FBF5D4413B@XMB116CNC.rim.net> <87r3ueedx7.fsf@alice.fifthhorseman.net> <20150128231006.GJ3110@localhost> <D0EED79E.204B1%uri@ll.mit.edu> <878ugleei5.fsf@alice.fifthhorseman.net>
Date: Thu, 29 Jan 2015 12:36:15 -0500
X-Google-Sender-Auth: 1jvQR7-jxqo1GFuUfTzKENiTv9k
Message-ID: <CAMm+LwhD8ZmuO7_OsGYX_VARYT=gDJSkZVavxXkTOvfFLJ-Usg@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Content-Type: multipart/alternative; boundary="001a11c33818c2bf3c050dcdec51"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/-LTaE8l8Tup60b4evRPZhLIFINs>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] big-endian short-Weierstrass please
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jan 2015 17:36:25 -0000
On Thu, Jan 29, 2015 at 11:30 AM, Daniel Kahn Gillmor <dkg@fifthhorseman.net > wrote: > On Wed 2015-01-28 18:38:49 -0500, Blumenthal, Uri - 0558 - MITLL wrote: > > The problem is - reasonably-vetted by who? NIST? DJB? Yourself? All of > the > > above? > > If this lengthy process we're involved in doesn't turn out to be > reasonable vetting by a multistakeholder group, i'll be sorely > disappointed. > > > Attractiveness of the ability to select a custom curve is similar to that > > of PGP Web of Trust: you can make a choice for yourself, rather than > being > > forced into what other experts (or “experts” :) decide for you. > > This is different from the PGP Web of Trust. If i'm communicating with > a new peer using TLS, and they want to use MagicCurveX that i've never > seen before, my TLS client is not going to be able to evaluate it > properly, certainly not before the TLS handshake expires. > +1 Deploying and implementing cryptosystems requires an enormous amount of expertise and they can fail in many different ways of which a flaw in the cryptographic algorithm security is very very rare. We are not using the web of trust model to develop code so why on earth try to apply it to choice of algorithm? The reason for applying web of trust is when there is no good alternative. I have written papers recently where I show how we might make the web of trust tractable and practical but that is because validating credentials for six billion people is a very different problem. > Anyone can of course decide what curves are worth using, and can apply > their own analysis with their peers to come to that decision. But if > you're communicating with the arbitrary outside world, there needs to be > some broader consensus about which curves to commonly use. > More importantly, I can't use your curves unless you can prove to me that they are secure. And the fact we are having trouble doing that in this group proves that it is not possible to achieve that in a protocol.
- [Cfrg] big-endian short-Weierstrass please Dan Brown
- Re: [Cfrg] big-endian short-Weierstrass please David Gil
- Re: [Cfrg] big-endian short-Weierstrass please Daniel Kahn Gillmor
- Re: [Cfrg] big-endian short-Weierstrass please Dan Brown
- Re: [Cfrg] big-endian short-Weierstrass please Daniel Kahn Gillmor
- Re: [Cfrg] big-endian short-Weierstrass please Nico Williams
- Re: [Cfrg] big-endian short-Weierstrass please Alyssa Rowan
- Re: [Cfrg] big-endian short-Weierstrass please Tony Arcieri
- Re: [Cfrg] big-endian short-Weierstrass please Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] big-endian short-Weierstrass please Phillip Hallam-Baker
- Re: [Cfrg] big-endian short-Weierstrass please Alyssa Rowan
- Re: [Cfrg] big-endian short-Weierstrass please Stephen Farrell
- Re: [Cfrg] big-endian short-Weierstrass please Phillip Hallam-Baker
- Re: [Cfrg] big-endian short-Weierstrass please Daniel Kahn Gillmor
- Re: [Cfrg] big-endian short-Weierstrass please Hanno Böck
- Re: [Cfrg] big-endian short-Weierstrass please Dan Brown
- Re: [Cfrg] big-endian short-Weierstrass please Nico Williams
- Re: [Cfrg] big-endian short-Weierstrass please Watson Ladd
- Re: [Cfrg] big-endian short-Weierstrass please Phillip Hallam-Baker
- Re: [Cfrg] big-endian short-Weierstrass please Watson Ladd
- Re: [Cfrg] big-endian short-Weierstrass please Dan Brown
- Re: [Cfrg] big-endian short-Weierstrass please Nico Williams
- Re: [Cfrg] big-endian short-Weierstrass please Phillip Hallam-Baker
- Re: [Cfrg] big-endian short-Weierstrass please Yoav Nir
- Re: [Cfrg] big-endian short-Weierstrass please Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] big-endian short-Weierstrass please Nico Williams
- Re: [Cfrg] big-endian short-Weierstrass please Paul Hoffman
- Re: [Cfrg] big-endian short-Weierstrass please Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] big-endian short-Weierstrass please Phillip Hallam-Baker
- Re: [Cfrg] big-endian short-Weierstrass please Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] big-endian short-Weierstrass please Daniel Kahn Gillmor
- Re: [Cfrg] big-endian short-Weierstrass please Nico Williams
- Re: [Cfrg] big-endian short-Weierstrass please Phillip Hallam-Baker
- Re: [Cfrg] big-endian short-Weierstrass please Andrey Jivsov
- Re: [Cfrg] big-endian short-Weierstrass please Phillip Hallam-Baker