Re: [Cfrg] Task looming over the CFRG

Rene Struik <rstruik.ext@gmail.com> Mon, 05 May 2014 18:36 UTC


Hi Kevin:

Just a few hours prior to the CFRG Interim, David McGrew suggested some 
criteria for elliptic curves, on which a few comments were received on 
the mailing list. This list was also - very briefly - discussed during 
the Virtual Interim. During the virtual interim, there were 
presentations by various people on curve picks. There was no discussion 
on schemes these curves should be used with (except for plain ECDH).

I think it would be premature to now already draw a conclusion here, 
since there has hardly been time to digest presentations and reflect 
upon this. Any presumed consensus by attendees during the call could 
hardly have been based on reflecting on presented material, since this 
was uploaded x-minutes prior to the meeting and there was no magical 
break during the interim to digest material further. So, what was the 
point of the curve selection criteria strawman and virtual interim 
presentations if the conclusions are already known now?

I would suspect (and raised this on the chat box at the end of the 
interim) that there should be a sequel to this during the IETF-90 
meeting in Toronto (assuming CFRG would indeed meet there).

Best regards, Rene

http://www.ietf.org/mail-archive/web/cfrg/current/msg04461.html

On 5/5/2014 1:58 PM, Igoe, Kevin M. wrote:
> As most of the folks who read this list have noticed, a virtual interim
> meeting of the CFRG was held on Tues 29 April to discuss the way forward
> for elliptic curve cryptography in the IETF. This was driven by an earnest
> plea from the TLS WG for firm guidance from the CFRG on the selection of
> elliptic curves for use in TLS. They need an answer before the Toronto
> IETF meeting in late July. TLS needs curves for several levels of security
> (128, 192 and 256), suitable for use in both key agreement and in digital
> signatures.
>
>   * The consensus of the attendees was that it would be best for TLS
>     to have a single "mandatory to implement" curve for each of the
>     three security levels.
>
>   * Though the attendees were reluctant to make a formal commitment, there
>     was clearly a great deal of support for the Montgomery curve
>     curve25519 (FYI, the 25519 refers to the fact that arithmetic is done
>     modulo the prime 2**255 - 19).
>
>   * curve25519 only fills one of the three required security levels.
>     We still need curves of size near 384 bits and 512 bits.
>
>   * NIST curves: I doubt TLS will be willing to revisit the question
>     of elliptic curves once the CFRG has made their recommendation.
>     Another option to consider is advising TLS to use the NIST curves
>     in the short term, buying time for the CFRG to do an unrushed
>     exploration of the alternatives, drawing academia and other
>     standards bodies into the discussion.
>
> P.S.  It has been suggested that the CFRG hold a session at the Crypto
> conference in Santa Barbara in an effort to draw in more participation
> from the academic community. No guarantees we can pull this off, but it
> is worth the attempt. Thoughts? Volunteers?
>
> P.P.S. We need to start lining up speakers for the CFRG session at
> IETF-90 (Toronto).
> ----------------+--------------------------------------------------
> Kevin M. Igoe   | "We can't solve problems by using the same kind
> kmigoe@nsa.gov  | of thinking we used when we created them."
>                 |              - Albert Einstein -
> ----------------+--------------------------------------------------


-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363