Re: [Cfrg] Summary of the poll: Elliptic Curves - signature scheme: friendliness to low memory implementations (ends on June 3rd)

Andrey Jivsov <crypto@brainhub.org> Fri, 19 June 2015 23:13 UTC

Message-ID: <5584A203.7040209@brainhub.org>
Date: Fri, 19 Jun 2015 16:13:07 -0700
From: Andrey Jivsov <crypto@brainhub.org>
To: cfrg@irtf.org
References: <20150619062752.3506.qmail@cr.yp.to> <558458AF.6080301@akr.io> <55847FA4.50606@isode.com> <55849F81.3090708@akr.io>
In-Reply-To: <55849F81.3090708@akr.io>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/B7TU5Og1Sp5VO1QwJGJBHjAUF3g>
Subject: Re: [Cfrg] Summary of the poll: Elliptic Curves - signature scheme: friendliness to low memory implementations (ends on June 3rd)

On 06/19/2015 04:02 PM, Alyssa Rowan wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2015-06-19 21:46, Alexey Melnikov wrote:
>
>> Just a reminder that CFRG is not trying to rubber-stamp any
>> particular signature algorithm.
>
> Naturally, I'm just saying: the further we diverge from something
> people already recognise as good, the more we'll need to make sure to
> justify that divergence to scrutiny, or they might not want to use it.
>
>
> On 2015-06-19 19:04, Blumenthal, Uri - 0553 - MITLL wrote:
>> it is much more *usable* and *practical* that EdDSA(m).
>
> Of course the TLS WG, as implementers, get the last word on what is
> usable and practical for them.
>
> I was simply pointing out that OpenSSH have deployed EdDSA(m) with
> absolutely no troubles, and so have GnuPG, which have large messages.
> It worked for them, so I don't think it's a huge concern in practice?

No, OpenPGP uses EdDSA(H(m)) only, i.e. it relies on IUF and doesn't use 
the "high security" option, I believe exactly to avoid "troubles".

http://www.ietf.org/mail-archive/web/cfrg/current/msg06923.html

>
> But I also accept #1 is easier to shoe-horn into, say, PKCS#11, and
> agl's articulated the precise scenario underlying my discomfort with #3.
>
...
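An added illustration of the EdDSA(m) versus EdDSA(H(m)) point in the message above. It is written for this page and is not code from the thread, from OpenPGP or from GnuPG: a minimal Ed25519 in pure Python following RFC 8032, plus a streaming signer. Pure EdDSA feeds the message into two hashes, first r = H(prefix || m) and then the challenge h = H(R || A || m) with R = rB, so a signer that cannot hold the whole message has to read the stream a second time; EdDSA(H(m)) pushes the message once through an init/update/finish SHA-512 and signs the 64-byte digest. The prehashed variant below models OpenPGP's EdDSA(H(m)) as plain Ed25519 over the digest; RFC 8032's Ed25519ph additionally mixes in a domain-separation prefix, which this example leaves out. The 64 KiB message in the demo is constructed, and the scalar multiplication is not constant time, so this is for reading, not for use.

```python
# Added example (not from the thread, OpenPGP or GnuPG): RFC 8032 Ed25519 in pure
# Python, showing why EdDSA(m) cannot be streamed (IUF) but EdDSA(H(m)) can.
import hashlib

p = 2**255 - 19
q = 2**252 + 27742317777372353535851937790883648493
d = (-121665 * pow(121666, p - 2, p)) % p

def sha512(*parts):
    return hashlib.sha512(b"".join(parts)).digest()

def add(P, Q):  # extended coordinates (X, Y, Z, T), RFC 8032 sec 5.1.4
    A = (P[1] - P[0]) * (Q[1] - Q[0]) % p
    B = (P[1] + P[0]) * (Q[1] + Q[0]) % p
    C = 2 * P[3] * Q[3] * d % p
    D = 2 * P[2] * Q[2] % p
    E, F, Gg, H = B - A, D - C, D + C, B + A
    return (E * F % p, Gg * H % p, F * Gg % p, E * H % p)

def mul(s, P):  # plain double-and-add: demo only, leaks the scalar via timing
    Q = (0, 1, 1, 0)
    while s:
        if s & 1: Q = add(Q, P)
        P, s = add(P, P), s >> 1
    return Q

def compress(P):
    zi = pow(P[2], p - 2, p)
    x, y = P[0] * zi % p, P[1] * zi % p
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def decompress(b):
    y = int.from_bytes(b, "little")
    sign, y = y >> 255, y & ((1 << 255) - 1)
    if y >= p: return None
    x2 = (y * y - 1) * pow(d * y * y + 1, p - 2, p) % p
    x = pow(x2, (p + 3) // 8, p)
    if (x * x - x2) % p:
        x = x * pow(2, (p - 1) // 4, p) % p  # multiply by sqrt(-1)
    if (x * x - x2) % p or (x == 0 and sign):
        return None
    if (x & 1) != sign:
        x = p - x
    return (x, y, 1, x * y % p)

G = decompress((4 * pow(5, p - 2, p) % p).to_bytes(32, "little"))  # base point

def expand(secret):
    h = sha512(secret)
    return (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254), h[32:]

def public_key(secret):
    return compress(mul(expand(secret)[0], G))

def sign_stream_pure(secret, open_stream):
    """EdDSA(m): m feeds two hashes, r = H(prefix||m) and then h = H(R||A||m)
    where R depends on r, so the signer needs m twice (or all of it in RAM)."""
    a, prefix = expand(secret)
    A = compress(mul(a, G))
    hr = hashlib.sha512(prefix)
    for chunk in open_stream():  # pass 1
        hr.update(chunk)
    r = int.from_bytes(hr.digest(), "little") % q
    R = compress(mul(r, G))
    hh = hashlib.sha512(R + A)
    for chunk in open_stream():  # pass 2: R was not known during pass 1
        hh.update(chunk)
    h = int.from_bytes(hh.digest(), "little") % q
    return R + ((r + h * a) % q).to_bytes(32, "little")

def sign(secret, msg):  # plain Ed25519 over an in-memory message
    return sign_stream_pure(secret, lambda: (msg,))

def verify(public, msg, sig):
    A, R, s = decompress(public), decompress(sig[:32]), int.from_bytes(sig[32:], "little")
    if len(public) != 32 or len(sig) != 64 or A is None or R is None or s >= q:
        return False
    h = int.from_bytes(sha512(sig[:32], public, msg), "little") % q
    L, Rh = mul(s, G), add(R, mul(h, A))  # accept iff s*G == R + h*A
    return (L[0] * Rh[2] - Rh[0] * L[2]) % p == 0 and (L[1] * Rh[2] - Rh[1] * L[2]) % p == 0

def digest_stream(chunks):  # the IUF part: one pass, constant memory
    H = hashlib.sha512()
    for chunk in chunks:
        H.update(chunk)
    return H.digest()

def sign_prehashed(secret, chunks):  # EdDSA(H(m)) the OpenPGP way: plain Ed25519
    return sign(secret, digest_stream(chunks))  # over the digest (no dom2, so not Ed25519ph)

if __name__ == "__main__":
    sk = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
    passes = []
    def stream():  # constructed 64 KiB message, yielded 1 KiB at a time
        passes.append(1)
        yield from (bytes([i]) * 1024 for i in range(64))
    sign_stream_pure(sk, stream)
    print("EdDSA(m) read the message", len(passes), "times")
    sig = sign_prehashed(sk, stream())
    print("EdDSA(H(m)) verifies:", verify(public_key(sk), digest_stream(stream()), sig))
```

Running it shows the pure signer opening the stream twice while the prehashed signer needs it once; sign() and public_key() reproduce the RFC 8032 section 7.1 vectors, which is the check to keep if you adapt any of the arithmetic.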