Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)

Dan Brown <dbrown@certicom.com> Wed, 11 February 2015 16:19 UTC

From: Dan Brown <dbrown@certicom.com>
To: "'cfrg@irtf.org'" <cfrg@irtf.org>
Thread-Topic: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)
Thread-Index: AdBFLhzSSYQ2KyHKE0ig5honf6M6bAA5MvnA
Date: Wed, 11 Feb 2015 16:19:35 +0000
Message-ID: <810C31990B57ED40B2062BA10D43FBF5D510A8@XMB116CNC.rim.net>
References: <20150210123553.6639764.18763.26085@certicom.com>
In-Reply-To: <20150210123553.6639764.18763.26085@certicom.com>
Accept-Language: en-CA, en-US
Content-Language: en-US
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_0083_01D045EC.9DB5F350"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/F67gSoLPvL5m4AbqnAlIK3yh3Lw>
Subject: Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)
Precedence: list

I revise my vote due to the chairs' clarifications:

Short term: {192=no,256=no} so that IRTF can recommend Curve25519 within an
IETF timeframe.
Long term: {192=yes,256=yes} so that IRTF can recommend curves that try to
minimize risks of ECC.  

Also, I think the chairs have clarified well enough that they were asking
the short term question, so my vote becomes (no,no).

Regarding what's 192, I note NIST/SEC2 recommended a 409-bit binary for 192,
so 414 is not too far off that precedent.

Regarding using non-EC DH groups instead of larger EC groups, that seems to
introduce some rather new risks, albeit perhaps with efficiency gains,
without solving the risk due to Shor's algorithm.  So, I disagree: I think
yet more security can be squeezed out of ECC.

> -----Original Message-----
> From: Dan Brown
> Sent: Tuesday, February 10, 2015 7:36 AM
> Yes + yes.
> 
> clarification: curve _providing at least_ security level x. eg 521 for
512.
> 
> main reason: margin of error
>

Attachment: smime.p7s

[Cfrg] Elliptic Curves - poll on security levels … Alexey Melnikov
Re: [Cfrg] Elliptic Curves - poll on security lev… Torsten Schütze
Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
Re: [Cfrg] Elliptic Curves - poll on security lev… Nguyen Dr., Kim
Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
Re: [Cfrg] Elliptic Curves - poll on security lev… Aaron Zauner
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Christoph Anton Mitterer
Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Paul Hoffman
Re: [Cfrg] Elliptic Curves - poll on security lev… Adam Langley
Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
Re: [Cfrg] Elliptic Curves - poll on security lev… Stephen Farrell
Re: [Cfrg] Elliptic Curves - poll on security lev… Salz, Rich
Re: [Cfrg] Elliptic Curves - poll on security lev… Tony Arcieri
Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Hamburg
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
Re: [Cfrg] Elliptic Curves - poll on security lev… Kurt Roeckx
Re: [Cfrg] Elliptic Curves - poll on security lev… Alyssa Rowan
Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Hamburg
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Tony Arcieri
Re: [Cfrg] Elliptic Curves - poll on security lev… Станислав Смышляев
Re: [Cfrg] Elliptic Curves - poll on security lev… Andy Lutomirski
Re: [Cfrg] Elliptic Curves - poll on security lev… James Cloos
Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
Re: [Cfrg] Elliptic Curves - poll on security lev… Damien Miller
Re: [Cfrg] Elliptic Curves - poll on security lev… James Cloos
Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Jones
Re: [Cfrg] Elliptic Curves - poll on security lev… Benjamin Beurdouche
Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
Re: [Cfrg] Elliptic Curves - poll on security lev… David Leon Gil
Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Harkins
Re: [Cfrg] Elliptic Curves - poll on security lev… Olafur Gudmundsson
Re: [Cfrg] Elliptic Curves - poll on security lev… Bindhunadhava
Re: [Cfrg] Elliptic Curves - poll on security lev… Aaron Zauner
Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
Re: [Cfrg] Elliptic Curves - poll on security lev… Manger, James
Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
Re: [Cfrg] Elliptic Curves - poll on security lev… Brian Smith
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Eric Rescorla
Re: [Cfrg] Elliptic Curves - poll on security lev… Annie Yousar
Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
Re: [Cfrg] Elliptic Curves - poll on security lev… Andrey Jivsov
[Cfrg] Why I think 256-level is a bad idea [Was: … Ilari Liusvaara
Re: [Cfrg] Why I think 256-level is a bad idea [W… Adam Langley
Re: [Cfrg] Elliptic Curves - poll on security lev… Michael Scott
Re: [Cfrg] Elliptic Curves - poll on security lev… Simon Josefsson
Re: [Cfrg] Elliptic Curves - poll on security lev… _MiW
Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
Re: [Cfrg] Elliptic Curves - poll on security lev… Olafur Gudmundsson
Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
Re: [Cfrg] Elliptic Curves - poll on security lev… Brian Smith
Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
Re: [Cfrg] Elliptic Curves - poll on security lev… Joseph Salowey
Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
Re: [Cfrg] Elliptic Curves - poll on security lev… Kurt Roeckx
Re: [Cfrg] Elliptic Curves - poll on security lev… Nex6|Bill

Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)

Attachment: smime.p7s