Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve25519function-00.txt
Benjamin Black <b@b3k.us> Wed, 30 July 2014 18:28 UTC
Return-Path: <b@b3k.us>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78F0A1A036C for <cfrg@ietfa.amsl.com>; Wed, 30 Jul 2014 11:28:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9GlfgnOUvDrF for <cfrg@ietfa.amsl.com>; Wed, 30 Jul 2014 11:28:40 -0700 (PDT)
Received: from mail-we0-f178.google.com (mail-we0-f178.google.com [74.125.82.178]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C19171A01C8 for <cfrg@irtf.org>; Wed, 30 Jul 2014 11:28:39 -0700 (PDT)
Received: by mail-we0-f178.google.com with SMTP id w61so1655432wes.37 for <cfrg@irtf.org>; Wed, 30 Jul 2014 11:28:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=hTarzOhNn0iYiKytxfIY2Ia+EUiIq6m72ttvDTrzF3k=; b=GeI+qp7uqvZQqHl+Id266kXWNuosAD9qD4iW1LVzFYA/kUeoLmx/0LWGFsPROdv2Lk sCGCsFrltOw6K4YXuBipAYyk5vCz9t+TFjF4MbVgJRIoMYa16nJnyO6hs0TWo57M7K7V xsaZaqgNFs0396ctX9yakHp8yIDVRF6uBpElDTQsE39pZ2dtnTs6Vqco2y7m0PvEIByI dLNi7+usMqQWW2EZwS7u1S149w69KVRagv1vtzgY26khC4QbHzksVMLYn5kybr41rPud 0Fd/YvUX1q3o8EKq4kw0DvyNG51Hh2MDomi3dWBNuNIFtGehCM9se9LrRUNLAM2o1xRm k+dA==
X-Gm-Message-State: ALoCoQnKAFUfA5jobMXtoMCiBPHp2T1Fcyg5OHx2buz/MypNQIEG+Unn6nldajZQSpO/bPh48ogO
X-Received: by 10.180.94.234 with SMTP id df10mr9544634wib.76.1406744918328; Wed, 30 Jul 2014 11:28:38 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.44.138 with HTTP; Wed, 30 Jul 2014 11:28:18 -0700 (PDT)
In-Reply-To: <CAMm+LwhKvb1Yf=PM5r8dZmFp+xB68OMaN41AooHS5vRfTyMSGw@mail.gmail.com>
References: <20140729195926.2156.45746.idtracker@ietfa.amsl.com> <0D69E8E1-336C-4884-A87F-7656432AEB15@ieca.com> <m2bns6yb5u.wl%randy@psg.com> <CAMm+LwhKvb1Yf=PM5r8dZmFp+xB68OMaN41AooHS5vRfTyMSGw@mail.gmail.com>
From: Benjamin Black <b@b3k.us>
Date: Wed, 30 Jul 2014 11:28:18 -0700
Message-ID: <CA+Vbu7xLjdPzN-0OUdbwiqCNUx00d6+pMBhePjBaFo0YL1Q7cg@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Content-Type: multipart/alternative; boundary="f46d0444ea9f25a62504ff6d5397"
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/9ULaLkPCm9dsTtaCuFuCdzjTsYI
Cc: Sean Turner <TurnerS@ieca.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve25519function-00.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jul 2014 18:28:41 -0000
On Wed, Jul 30, 2014 at 11:16 AM, Phillip Hallam-Baker < phill@hallambaker.com> wrote: > On Wed, Jul 30, 2014 at 2:05 PM, Randy Bush <randy@psg.com> wrote: > > sean, we also need signatures. would you consider adding ed25519 to > > this draft or doing a parallel draft? > > We do need signatures, but do we need curve 25519 signatures? > > Using the same curve across kx and signatures simplifies specification, implementation, and deployment. > > RSA allows one key to be used for encryption and signature easily. But > that is still terrible security practice. > > I don't see how this is relevant to using the same curves in different algorithms. > Looking through the sets of requirements we have, a curve optimized > for encryption may not be best for signatures. And writing up how to > do signatures from a curve is non-trivial (unless its 'do DSA with > this curve') > > Specific to Randy's request, EdDSA is specified in the same paper as ed25519. > Given that the EC keys are short, we could have a combined 'encryption > and signature' certificate but with different curves for each one. > > The discussion is about using the same curves in different algorithms. Curves are not keys. b
- [Cfrg] Fwd: I-D Action: draft-turner-thecurve2551… Sean Turner
- Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve… Ilari Liusvaara
- Re: [Cfrg] I-D Action: draft-turner-thecurve25519… Sean Turner
- Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve… Randy Bush
- Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve… Phillip Hallam-Baker
- Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve… Salz, Rich
- Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve… Benjamin Black
- Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve… Robert Ransom
- Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve… Paul Lambert
- Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve… Randy Bush
- Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve… Salz, Rich
- Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve… Tanja Lange
- Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve… James Cloos
- Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve… Stephen Farrell
- Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve… Watson Ladd
- Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve… Randy Bush