Re: [Cfrg] My comments on TLS requirements from today's interim

"Igoe, Kevin M." <kmigoe@nsa.gov> Tue, 01 July 2014 19:10 UTC

From: "Igoe, Kevin M." <kmigoe@nsa.gov>
To: 'Watson Ladd' <watsonbladd@gmail.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Tue, 01 Jul 2014 19:10:20 +0000
Message-ID: <3C4AAD4B5304AB44A6BA85173B4675CABAA9CD67@MSMR-GH1-UEA03.corp.nsa.gov>
References: <CABcZeBOMUw5fv--ar=r+5KL76UKz7NDU2M=aEYomjfMjSy+Fog@mail.gmail.com> <53B25D54.5080003@brainhub.org> <FB5F9D06-C183-4284-9AAD-B189CDCEC2D8@vpnc.org> <CACsn0cn752gCdSwPAcLeR97uNFD7xeio5YPuuBpOw=5rRXCU4A@mail.gmail.com>
In-Reply-To: <CACsn0cn752gCdSwPAcLeR97uNFD7xeio5YPuuBpOw=5rRXCU4A@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/2VzPP6gtrxf3dthgtBBmo52FSes
Subject: Re: [Cfrg] My comments on TLS requirements from today's interim
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

Let me clarify a wee bit.  In the LONG RUN we don’t see any problems with Curve25519,
but we don’t change things on a dime.  Crypto design has been and should be conservative,
both to minimize the chance of adopting a flawed system and to recoup the multi-million-dollar
investment needed to field a new system or make changes to an existing
system.  Military procurement and deployment makes a glacier look fast.  Curve25519
will not be in Suite B in the near future, but we don’t want to hold other folks back from
moving forward so long as the NIST curves remain at least a MAY implement.

That said, some folks have come forward requesting that future curves, when put
in Weierstrass form, have a = -3, i.e. y^2 = x^3 - 3x + b.  As best I can tell a = -3 seems to be
hardwired into some of our gear.  Also we’ll need a 192-bit secure curve (i.e. ~2^384
points on the curve).

And as always there are cert problems.  Ah for the good old days, when certs were viewed
to be a solution to our problems rather than a source of endless headaches!

From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Watson Ladd
Sent: Tuesday, July 01, 2014 9:33 AM
To: cfrg@irtf.org
Subject: Re: [Cfrg] My comments on TLS requirements from today's interim


On Jul 1, 2014 6:17 AM, "Paul Hoffman" <paul.hoffman@vpnc.org> wrote:
>
> Trying to predict what NIST will do with FIPS-140 certification is silly. Even they don't know from year to year. The NIST of today is not the NIST of 14 months ago; it is likely that there will be other major shifts in NIST's view of itself and what it has to do to stay relevant.

I had this concern at the CFRG meeting. Kevin Igoe said that the NSA had no objections to Curve25519 being in Suite B.

There is a legacy cert and software problem: it's likely software will need to deploy several curves for compatibility with X.509 certs.

Finally, OpenSSL supports non-FIPS algorithms as well as FIPS algorithms. It's not impossible to do the same.

Sincerely,
Watson Ladd
>
> --Paul Hoffman
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg
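The a = -3 requirement Kevin mentions above has a concrete consequence for anyone proposing a curve: the form y^2 = x^3 - 3x + b is preferred in hardware because, in Jacobian coordinates, the doubling term 3X^2 + aZ^4 factors as 3(X - Z^2)(X + Z^2) when a = -3, saving a squaring. Whether a given curve can be presented that way is decided by a fourth-power test: the substitution (x, y) -> (u^2 x, u^3 y) maps y^2 = x^3 + ax + b to y^2 = x^3 + (a u^4) x + (b u^6), so a = -3 is reachable over F_p exactly when -3/a is a fourth power in F_p. The following is an added worked example, not code from the thread or from any of its authors; the Curve25519 constants (p = 2^255 - 19, A = 486662, base point x = 9) are the public ones, the curves over F_13 are constructed inputs, and the function names are my own. It also includes the standard Montgomery-to-Weierstrass conversion so Curve25519 can be run through the same check.

```python
# Added example (not from the thread or any of its authors): deciding whether a
# short Weierstrass curve y^2 = x^3 + a*x + b over F_p is isomorphic over F_p to
# one with a = -3.  The substitution (x, y) -> (u^2*x, u^3*y) turns the curve
# into y^2 = x^3 + (a*u^4)*x + (b*u^6), so a = -3 is reachable exactly when
# -3/a is a fourth power in F_p.  A Montgomery-to-Weierstrass conversion is
# included so the public Curve25519 constants can be fed through the same test;
# the curves over F_13 below are constructed inputs.  Requires Python 3.8+
# for pow(x, -1, p).


def sqrt_mod(n, p):
    """Square root of n mod odd prime p (Tonelli-Shanks); None if n is a non-residue."""
    n %= p
    if n == 0:
        return 0
    if pow(n, (p - 1) // 2, p) != 1:
        return None
    if p % 4 == 3:
        return pow(n, (p + 1) // 4, p)
    q, s = p - 1, 0
    while q % 2 == 0:
        q //= 2
        s += 1
    z = 2
    while pow(z, (p - 1) // 2, p) != p - 1:  # find a quadratic non-residue
        z += 1
    m, c, t, r = s, pow(z, q, p), pow(n, q, p), pow(n, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:
            t2 = t2 * t2 % p
            i += 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    return r


def fourth_root_mod(n, p):
    """Some u with u^4 == n (mod p), or None.  u^2 must be one of the two square roots of n."""
    s = sqrt_mod(n, p)
    if s is None:
        return None
    for candidate in (s, (-s) % p):
        u = sqrt_mod(candidate, p)
        if u is not None:
            return u
    return None


def to_a_minus_3(a, b, p):
    """Return (u, b') such that y^2 = x^3 + a*x + b is isomorphic to
    y^2 = x^3 - 3*x + b' via (x, y) -> (u^2*x, u^3*y); None if no u exists in F_p."""
    if a % p == 0:                        # a*u^4 is 0 for every u, so -3 is unreachable
        return None
    target = (-3) * pow(a, -1, p) % p     # need u^4 == -3/a
    u = fourth_root_mod(target, p)
    if u is None:
        return None
    assert a * pow(u, 4, p) % p == (p - 3) % p
    return u, b * pow(u, 6, p) % p


def map_point(P, u, p):
    """Apply the isomorphism (x, y) -> (u^2*x, u^3*y)."""
    x, y = P
    return (u * u * x % p, u * u * u * y % p)


def on_curve(P, a, b, p):
    x, y = P
    return (y * y - (x * x * x + a * x + b)) % p == 0


def montgomery_to_weierstrass(A, B, p):
    """B*y^2 = x^3 + A*x^2 + x  ->  Y^2 = X^3 + a*X + b with X = (x + A/3)/B, Y = y/B."""
    a = (3 - A * A) * pow(3 * B * B, -1, p) % p
    b = (2 * A ** 3 - 9 * A) * pow(27 * B ** 3, -1, p) % p
    return a, b


def montgomery_point_to_weierstrass(P, A, B, p):
    x, y = P
    inv_b = pow(B, -1, p)
    return ((x + A * pow(3, -1, p)) * inv_b % p, y * inv_b % p)


if __name__ == "__main__":
    # Constructed case over F_13: y^2 = x^3 - x + 1 carries the point (0, 1).
    u, b2 = to_a_minus_3(13 - 1, 1, 13)
    print("F_13 curve mapped to a=-3 form, b' =", b2,
          "point still on curve:", on_curve(map_point((0, 1), u, 13), 13 - 3, b2, 13))

    # Curve25519: p = 2^255-19, A = 486662, B = 1, base point x = 9 (y recovered here).
    p, A = 2 ** 255 - 19, 486662
    a, b = montgomery_to_weierstrass(A, 1, p)
    W = montgomery_point_to_weierstrass((9, sqrt_mod(9 ** 3 + A * 81 + 9, p)), A, 1, p)
    print("Curve25519 in Weierstrass form: base point on curve:", on_curve(W, a, b, p))
    print("a = -3 reachable over F_p:", to_a_minus_3(a, b, p) is not None)
```

The script prints, rather than hard-codes, whether Curve25519's Weierstrass form can be rewritten with a = -3; note that even when the answer is no over F_p, the check says nothing about the curve's security, only about whether the a = -3 doubling shortcut can be used unchanged.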