Re: [Cfrg] Point format endian (was: Adoption of draft-ladd-spake2 as a RG document)

Watson Ladd <watsonbladd@gmail.com> Sat, 24 January 2015 01:10 UTC

To: Dan Harkins <dharkins@lounge.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/9SIGLrkKdgnB7RlR5HeAkYBBRw0>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>

On Jan 23, 2015 2:44 PM, "Dan Harkins" <dharkins@lounge.org> wrote:
>
> On Mon, January 19, 2015 4:27 am, Alyssa Rowan wrote:
> > On 19 January 2015 11:56:27 GMT+00:00, "Dearlove, Christopher (UK)"
> > <chris.dearlove@baesystems.com> wrote:
> >> […] Is the use of little endian format here a deliberate design
> >> decision?
> >
> > Probably yes, to match every existing implementation of Curve25519 already
> > in the wild (and most commonly-used architectures)?
>
>   So a long-standing tradition of the on-the-wire format is changed because
> of the way the first curve25519 library was written? That's a weak
> justification.

And this breaks what exactly? Picking big endian means picking a different
name at a minimum to avoid confusion. It means that already deployed SSH
installations either change or confuse everyone. It means that all existing
implementations become unusable, despite extensive review and verification
efforts.

What is actually gained from using big-endian?

Sincerely,
Watson Ladd

>
>   Dan.
>
> > TLS WG give new curves free rein on point format, explicitly not SEC1
> > constrained. They preferred little endian (weakly) for the above reason, I
> > believe?
> >
> > - --
> > /akr
> >
> > _______________________________________________
> > Cfrg mailing list
> > Cfrg@irtf.org
> > http://www.irtf.org/mailman/listinfo/cfrg
> >