Re: [Cfrg] Requirements for curve candidate evaluation update

Alyssa Rowan <akr@akr.io> Thu, 14 August 2014 13:10 UTC

Return-Path: <akr@akr.io>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B9F71A06EE for <cfrg@ietfa.amsl.com>; Thu, 14 Aug 2014 06:10:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1L1wfIrdBR31 for <cfrg@ietfa.amsl.com>; Thu, 14 Aug 2014 06:10:49 -0700 (PDT)
Received: from entima.net (entima.net [78.129.143.175]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C7D31A06EA for <cfrg@irtf.org>; Thu, 14 Aug 2014 06:10:49 -0700 (PDT)
User-Agent: K-9 Mail for Android
In-Reply-To: <CAMm+Lwh7BAGW6hQfqcDeciYk5nvePwe39Szo0zeCn9hrQLgNBA@mail.gmail.com>
References: <CA+Vbu7wuAcmtAKJYEgAaSBTf6sj8pRfYpJhz2qV_ER=33mrk8Q@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7185A0C8CEB@USMBX1.msg.corp.akamai.com> <CA+Vbu7zfbx-OqU=ggXgutDb+GNwvS3QpkTwzU1c+2Lcv=3Gawg@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7185A0C9094@USMBX1.msg.corp.akamai.com> <CAMm+Lwg8EZ-MWN4hKxzN+g5L9-GjgEGV49NqYNEnK=34qrkb+w@mail.gmail.com> <53EC4DDD.7010503@akr.io> <CAMm+Lwh7BAGW6hQfqcDeciYk5nvePwe39Szo0zeCn9hrQLgNBA@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
From: Alyssa Rowan <akr@akr.io>
Date: Thu, 14 Aug 2014 14:10:38 +0100
To: cfrg@irtf.org
Message-ID: <baaf2afd-3c27-47b8-a04d-6775d258e48d@email.android.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/6bAJJqUJu02G2EZROu4tcwwT-9w
Subject: Re: [Cfrg] Requirements for curve candidate evaluation update
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Aug 2014 13:10:56 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 14 August 2014 13:26:01 BST, Phillip Hallam-Baker <phill@hallambaker.com> wrote:

>It isn't quite true to say that you can do everything in hardware or software. There are very specific constraints here to do with side channels and IPR that could have a huge bearing on what curve families are viable and which are not.

Well, as per IPR policy: please identify any (still-extant) relevant patents you're aware of?

>There are very few serious CAs. So its not surprising there are few ECC roots. We have ECC roots, so do the other leading CAs. But the reason for the lag has been IPR FUD.

>From who: Certicom? (Who are on this list.) All the more reason to bring this to the fore, then: if "IPR FUD" is constraining wide PKIX adoption of ECDSA with NIST P256, then there is actually far _less_ legacy for us to be scared of deprecating, and more reason for us to consider carefully the IPR status of every algorithm, technique and curve family considered.

We need to recommend things everyone can actually use, royalty-free.

- --
/akr
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1

iQI3BAEBCgAhBQJT7LVNGhxBbHlzc2EgUm93YW4gPGFrckBha3IuaW8+AAoJEOyE
jtkWi2t6X/MP/3up+kJ9TSSdkSXGijX/Yd50OeLLXFiSWekccVfPI30xUhnh46Hv
me17ThmEfdQbGeTmTEDmCfb5kwxvCzR/zZeS5Xw7PSVon3VaKumyGJqRq4Yrpn1a
LLXtp6pcR82DWfVZyoAaVMsMdVJQQQyNN9Dsfmhw7qA7TAxwl91vxmmGVXfL5MGM
OQziVO5quOBd6KCO19g32ptMVARZqjwNOa27JDI5ubBbOKcX/h2epL1uwUrgBsEv
2zHFEEKWIKEr+n9/WTrBHI6ah6eu2wjUweHFuQuHEBSaPjlRmCI5Odke55pVWPX8
5LgdADemSV/N0k6kFlYFiix9yvZxovpJCSNXW8uwubHqI5D8sW0Y3Dbl/hqWPH+c
BixnEgsVvoM5FThzJiO0cUhx4nKKGto6gFxmIrIuQa/W+/ym3G7v+07VRWYBtsF8
ZnZ+O2o3RK3q05Z8JwT9rdx6dLRHu2d04EbbB1dx9FTkm2Tf0Vdq49qe0Dig3L5O
8BHuh05IusAwUH1P9rJH/abZF9BPWA9Lv9AcJunhNx8InhvVZCDURpyoIwS4SP1+
ZGAvUPjuE9yMHYxUjWaX0M8yCi396W5EEFh5W4qxbA9cdxyCAmVYCKdLpzbhDPcw
VB5FrSvujl8gD5D3RPc1v4hpvEoDr5PoylBxv3SNYYXnGIHZpTnFMXsh
=zFrS
-----END PGP SIGNATURE-----