Re: [Cfrg] big-endian short-Weierstrass please
Nico Williams <nico@cryptonector.com> Thu, 29 January 2015 21:54 UTC
Date: Thu, 29 Jan 2015 15:54:23 -0600
From: Nico Williams <nico@cryptonector.com>
To: "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/-SlYj4AtWnA936Ms-xscWd8abCk>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>

On Thu, Jan 29, 2015 at 09:28:57PM +0000, Blumenthal, Uri - 0558 - MITLL wrote:
> I’m arguing that there is a need for DIY curves, on both personal and
> “organizational” level.

That's not really what is causing debate. The associated proposal for a
one-size-fits-all point representation is.

DIY curve negotiation could include point representation negotiation,
though the cost in terms of generic code would be non-trivial, but then,
so is the cost of DIY curves in general, thus I don't mind that cost.

Drop the one-size-fits-all point representation proposal and this thread
goes quiet and we can expend effort on those remaining issues that matter
the most right now (amongst which DIY-curves isn't, not for me anyways).

> > So I think we can come up with a decision here but the process makes me
> > certain that there is no possibility that two random computers could negotiate
> > a secure set of curves on the Internet via a protocol. Unless that is we
> > assume some form of out-of-band trust relationship.
>
> There should be a set of “universally” accepted curves, so that when you
> want to talk to a complete stranger – both of you would use what the
> “community” considers cryptographically OK (which belongs to that small
> commonly shared set). But that’s only half of use cases.

If a community can agree a priori on a set of specific curves, then
there's no need for DIY curves, just a registry of DIY curves.

OTOH, if the two strangers meeting by chance don't have a common
community yet still want to pick one of their DIY curves, then we need
DIY curve support in the protocol, and one has to wonder: why would the
other stranger trust the first as to choice of DIY curve?!

Which thought leads me to conclude that we don't need DIY curves, just a
registry that is open enough to represent a superset of communities (the
two strangers still need to agree as to a common subset of that, of
course).

> There should be an option to specify “my own” curves, so that when, e.g. one
> “team” member wants to talk to his peer – their software will pick that
> special curve that was for whatever reasons approved by their boss, or
> refuse to connect. Because in that context ability to establish a connection
> with a stranger is undesirable.

How do you not get this with a registry?

> > That said, I prefer the Edwards curves because I can explain them to other
> > folk without resorting to abstract math (now I have been given the link to
> > DJB's presentation at Chaos). The use of the Weierstrass forms is much less
> > friendly.
>
> I see your point.

There is that too.