Re: [Cfrg] Curve manipulation, revisited

David Gil <dgil@yahoo-inc.com> Thu, 25 December 2014 21:03 UTC

Return-Path: <dgil@yahoo-inc.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A025E1A885D for <cfrg@ietfa.amsl.com>; Thu, 25 Dec 2014 13:03:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.802
X-Spam-Level:
X-Spam-Status: No, score=-15.802 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, USER_IN_DEF_WHITELIST=-15] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mlNbMvUgsjpT for <cfrg@ietfa.amsl.com>; Thu, 25 Dec 2014 13:02:59 -0800 (PST)
Received: from mrout2.yahoo.com (mrout2.yahoo.com [216.145.54.172]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FBE61A1AAA for <cfrg@irtf.org>; Thu, 25 Dec 2014 13:02:59 -0800 (PST)
Received: from omp1056.mail.ne1.yahoo.com (omp1056.mail.ne1.yahoo.com [98.138.89.198]) by mrout2.yahoo.com (8.14.4/8.14.4/y.out) with ESMTP id sBPL2qI2019033 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <cfrg@irtf.org>; Thu, 25 Dec 2014 13:02:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=yahoo-inc.com; s=cobra; t=1419541372; bh=iDWBZqoYMtXs/GNHxA569AuA4LxpOTl5f422EZ4gfjU=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject; b=SYIe6R5l1QmvZp0JOuBeKoMErbjwz4oWpY70fXUAKUly7Ar8LkHPIXK1QQE89G43W SstRYkEEzO/h8WtxP6bAz1VUBNrwEQGDhpjZ/0Yvj9MZ8SgWVOKPHkIcgKRwl8EqHM mtMwqxCHI4rxH2+sk5h9NsaJ/cEMbAxLiPJkoQyE=
Received: (qmail 52274 invoked by uid 1000); 25 Dec 2014 21:02:51 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1419541371; bh=yAxbsIQCvZugSEa1gDINpPOBtjKqh3ie5UDJeBAy1lE=; h=Date:From:Reply-To:To:Cc:Message-ID:In-Reply-To:References:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding; b=kxAvNYXpl07RMeFBkMZAS1el+hREPjaNcMOIJpqpHJvRcbH+m48o+zRnfOfyiHkp3JcMh1VWS2OnrwohfmVWlEO2ApyGxh+2l0Fxn3qI6VSeIO0jIiiwN8Z/8QhY4WJm6CVgbAonmuuVy4F73OgWJ9TcLnLnnk/gwpGx/yrH3yg=
X-YMail-OSG: AdN3Qn0VM1lLJnBIsO2MKT0UHL1Kh6rakOlth2tjSQ2q81Lx9Fr6ZyjClN_52mx SXnoOpUgSuV296dkiCU1P5Bq4.e_E.b5fYrTl3ePUp3VhLngIUzLBj2D.XpSQRLmNWyM99OeGjOT GzmZCm5npDjJkDOztewC0HwrEINCvyz7CCr_1tSId8FZNtMhWt8rkaV_rw.rMk_QYBGQillajcWM hXabYWhfoA4gZ4cljC3FYZinDUeoyVCD9uOLA6SvZq0a.WzkZC6hjI9Q-
Received: by 98.138.105.240; Thu, 25 Dec 2014 21:02:51 +0000
Date: Thu, 25 Dec 2014 21:02:50 +0000 (UTC)
From: David Gil <dgil@yahoo-inc.com>
To: "Salz, Rich" <rsalz@akamai.com>, Adam Langley <agl@imperialviolet.org>
Message-ID: <187162767.804672.1419541371010.JavaMail.yahoo@jws100156.mail.ne1.yahoo.com>
In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C71D55236D22@USMBX1.msg.corp.akamai.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C71D55236D22@USMBX1.msg.corp.akamai.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/A67cQCzgzAV32VUu4gZIw4Sp9z8
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Curve manipulation, revisited
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: David Gil <dgil@yahoo-inc.com>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Dec 2014 21:03:00 -0000

Frankly, I think that the difficulty here is that there really is
little difference between any of the curve proposals.

They are all rigid enough. They are all fast enough. Most are safe
enough.

I'd suggest that the right thing for the CFRG to do is this:

Issue a recommendation that:

  - states the safety criteria for curves,
  - defines a point-format for curves that do not already have one
    defined,
  - notes existing curves that meet the safety criteria,
  - and recommends that WGs adopt curves from that list
    as appropriate for their protocols' needs.

-dlg