Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)

Dan Brown <dbrown@certicom.com> Tue, 10 February 2015 15:32 UTC

From: Dan Brown <dbrown@certicom.com>
To: "'phill@hallambaker.com'" <phill@hallambaker.com>, "'alexey.melnikov@isode.com'" <alexey.melnikov@isode.com>
Thread-Topic: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)
Thread-Index: AQHQRUR1cY3nxauTA02aUJQ0NayRtJzp/zuA
Date: Tue, 10 Feb 2015 15:31:53 +0000
Message-ID: <810C31990B57ED40B2062BA10D43FBF5D4F9A3@XMB116CNC.rim.net>
References: <54D9E2E3.4080402@isode.com> <CAMm+LwjVm_UyP2euBUR4or9kKgEDtroqJc7S59rEED2YX7Dozw@mail.gmail.com>
In-Reply-To: <CAMm+LwjVm_UyP2euBUR4or9kKgEDtroqJc7S59rEED2YX7Dozw@mail.gmail.com>
Accept-Language: en-CA, en-US
Content-Language: en-US
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_002D_01D0451C.C9513E50"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/92KIbxIWNsiwv0U_rRwy_DfbL98>
Cc: "'cfrg@irtf.org'" <cfrg@irtf.org>
Subject: Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)
Precedence: list

> From: Phillip Hallam-Baker
> Sent: Tuesday, February 10, 2015 10:14 AM

> The two places we will be using the code is for ephemeral key agreement and 
> for initial agreement of a
> master key. Assuming that we fix the TLS key derivation alg so that a 128 
> bit ephemeral does not weaken a
> 256 bit negotiation, I predict ephemeral will be exclusively Curve 25519 and 
> PKI will be exclusively
> Curve~512.

Counterarguments for the opposite, i.e. 128-bit security for PKI and 256-bit 
security for key agreement. First, confidentiality often relies key agreement 
and confidentiality potentially needs long-term (future) security, so 
margin-of-error is arguably more important. PKI, by definition, is only as 
secure as the security of CAs and the security of the communication used to 
obtain their CA self-signed certificates: larger key sizes does not fix these 
two bottlenecks.

Attachment: smime.p7s

[Cfrg] Elliptic Curves - poll on security levels … Alexey Melnikov
Re: [Cfrg] Elliptic Curves - poll on security lev… Torsten Schütze
Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
Re: [Cfrg] Elliptic Curves - poll on security lev… Nguyen Dr., Kim
Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
Re: [Cfrg] Elliptic Curves - poll on security lev… Aaron Zauner
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Christoph Anton Mitterer
Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Paul Hoffman
Re: [Cfrg] Elliptic Curves - poll on security lev… Adam Langley
Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
Re: [Cfrg] Elliptic Curves - poll on security lev… Stephen Farrell
Re: [Cfrg] Elliptic Curves - poll on security lev… Salz, Rich
Re: [Cfrg] Elliptic Curves - poll on security lev… Tony Arcieri
Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Hamburg
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
Re: [Cfrg] Elliptic Curves - poll on security lev… Kurt Roeckx
Re: [Cfrg] Elliptic Curves - poll on security lev… Alyssa Rowan
Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Hamburg
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Tony Arcieri
Re: [Cfrg] Elliptic Curves - poll on security lev… Станислав Смышляев
Re: [Cfrg] Elliptic Curves - poll on security lev… Andy Lutomirski
Re: [Cfrg] Elliptic Curves - poll on security lev… James Cloos
Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
Re: [Cfrg] Elliptic Curves - poll on security lev… Damien Miller
Re: [Cfrg] Elliptic Curves - poll on security lev… James Cloos
Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Jones
Re: [Cfrg] Elliptic Curves - poll on security lev… Benjamin Beurdouche
Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
Re: [Cfrg] Elliptic Curves - poll on security lev… David Leon Gil
Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Harkins
Re: [Cfrg] Elliptic Curves - poll on security lev… Olafur Gudmundsson
Re: [Cfrg] Elliptic Curves - poll on security lev… Bindhunadhava
Re: [Cfrg] Elliptic Curves - poll on security lev… Aaron Zauner
Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
Re: [Cfrg] Elliptic Curves - poll on security lev… Manger, James
Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
Re: [Cfrg] Elliptic Curves - poll on security lev… Brian Smith
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Eric Rescorla
Re: [Cfrg] Elliptic Curves - poll on security lev… Annie Yousar
Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
Re: [Cfrg] Elliptic Curves - poll on security lev… Andrey Jivsov
[Cfrg] Why I think 256-level is a bad idea [Was: … Ilari Liusvaara
Re: [Cfrg] Why I think 256-level is a bad idea [W… Adam Langley
Re: [Cfrg] Elliptic Curves - poll on security lev… Michael Scott
Re: [Cfrg] Elliptic Curves - poll on security lev… Simon Josefsson
Re: [Cfrg] Elliptic Curves - poll on security lev… _MiW
Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
Re: [Cfrg] Elliptic Curves - poll on security lev… Olafur Gudmundsson
Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
Re: [Cfrg] Elliptic Curves - poll on security lev… Brian Smith
Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
Re: [Cfrg] Elliptic Curves - poll on security lev… Joseph Salowey
Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
Re: [Cfrg] Elliptic Curves - poll on security lev… Kurt Roeckx
Re: [Cfrg] Elliptic Curves - poll on security lev… Nex6|Bill

Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)

Attachment: smime.p7s