Re: [Cfrg] When's the decision?
"Parkinson, Sean" <sean.parkinson@rsa.com> Fri, 17 October 2014 08:51 UTC
From: "Parkinson, Sean" <sean.parkinson@rsa.com>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
Date: Fri, 17 Oct 2014 04:42:09 -0400
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/C09YgzQlFkxTFEIl-3wGyKK1DnU
Cc: "cfrg@irtf.org" <cfrg@irtf.org>

While I still think that X25519 has speed and implementation simplicity advantages over numsp256t1, the fact that it can only be used for key exchange makes it difficult to recommend - you need another curve implementation anyway.

X25519 is already in use and, even if the CFRG don't recommend it, I believe it will be used - any speed advantage, despite code complexity cost, will be taken by implementers.

How this relates to other possible Montgomery curves I don't know. When a decision is made on the stronger curve a Montgomery equivalent may appear.

Sean
--
Sean Parkinson | Consultant Software Engineer | RSA, The Security Division of EMC
Office +61 7 3032 5232 | Fax +61 7 3032 5299
www.rsa.com

-----Original Message-----
From: Paterson, Kenny [mailto:Kenny.Paterson@rhul.ac.uk]
Sent: Friday, 17 October 2014 2:35 AM
To: Parkinson, Sean; cfrg@irtf.org
Subject: Re: [Cfrg] When's the decision?

Sean,

Are you planning to bring additional information on the issues that you refer to below to the list?

Your additional input would be most welcome of course, but without concrete details, it's difficult to factor your initial comments below into our deliberations.

Thanks

Kenny

On 08/10/2014 23:51, "Parkinson, Sean" <sean.parkinson@rsa.com> wrote:

>I have concerns about a decision being made about which curves to
>recommend 'before Halloween'.
>I am unaware of 3rd parties implementing and confirming all the curves
>that have been proposed.
>Making a decision on new elliptic curves based on data that hasn't been
>corroborated by a 3rd party is bad practice.
>
>I have been implementing as many of the curves as I can and my
>performance results, so far, do not always match those that I have seen
>in papers.
>
>Also, I am concerned that, while some curves are being implemented to
>be constant time, not all curves are being implemented to be cache
>attack resistant. Either all implementations need to be resistant or
>all implementations not. Only then can a true comparison be made.
>
>Until these issues are dealt with I feel there is not sufficient
>information to make a decision.
>
>Sean
>--
>Sean Parkinson | Consultant Software Engineer | RSA, The Security
>Division of EMC Office +61 7 3032 5232 | Fax +61 7 3032 5299
>www.rsa.com
>
>_______________________________________________
>Cfrg mailing list
>Cfrg@irtf.org
>http://www.irtf.org/mailman/listinfo/cfrg