IETF Logo Mail Archive

Re: [Cfrg] A way out of the little/big endian dispute?

Watson Ladd <watsonbladd@gmail.com> Mon, 30 March 2015 13:59 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 794B21ACEE4 for <cfrg@ietfa.amsl.com>; Mon, 30 Mar 2015 06:59:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TTOp64NlQj_3 for <cfrg@ietfa.amsl.com>; Mon, 30 Mar 2015 06:59:24 -0700 (PDT)
Received: from mail-wg0-x22a.google.com (mail-wg0-x22a.google.com [IPv6:2a00:1450:400c:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A3541ACEE3 for <cfrg@irtf.org>; Mon, 30 Mar 2015 06:59:24 -0700 (PDT)
Received: by wgdm6 with SMTP id m6so176077474wgd.2 for <cfrg@irtf.org>; Mon, 30 Mar 2015 06:59:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=RLe5beepxJlsE9ZgsJ8VJYdQgCLRbX1nIQp2p8pmkT0=; b=ndfo/lDCpszM9n1ckzwhOO0v4eiU6LdkmZnCDoXKQQRwflIQSwptjV4GkXEYaB+QV6 U1+nEIV5hN207jY1icJbJWqVj1ZMUT8Knfh1n/NUf+CZOtt62eHjPZHv61f8ebWF6phf TklkWgQL6r4aoOlF/8+z4OO0xd/jVzvVHShZRTz+M/JzjP+oBHdKTHxm+1ia2hBvQUbz 61hRdlM+T+mpH4mdFH3+9D3uOjtUXyQqYwDi+X9JXx1NGJI/xbhQJ2xdBmTePSC/1wdZ nHMLva+/ZJubaN/9mXVBPnGuQ5uFWsFdtZCJ1dIUOrmLx/6tBvGTRr4J+Jy5U0sKQBuK TO0Q==
MIME-Version: 1.0
X-Received: by 10.194.201.164 with SMTP id kb4mr63412573wjc.32.1427723962834; Mon, 30 Mar 2015 06:59:22 -0700 (PDT)
Received: by 10.194.136.233 with HTTP; Mon, 30 Mar 2015 06:59:22 -0700 (PDT)
In-Reply-To: <CACsn0cm5hjKcQefws8omhiC0CmSv8ewr-7cXfRfx20bbsGY2Ug@mail.gmail.com>
References: <CAMm+LwhVtKjYjTa-RwQ0_mGCqXDSsAQKApQUdoTZrXXfsUPokA@mail.gmail.com> <55166117.9070208@akr.io> <5d421abc84b3118b86f99fe7a9897e26.squirrel@www.trepanning.net> <CACsn0cm5hjKcQefws8omhiC0CmSv8ewr-7cXfRfx20bbsGY2Ug@mail.gmail.com>
Date: Mon, 30 Mar 2015 06:59:22 -0700
Message-ID: <CACsn0ckBxAxWuEjM+rxZodFf6dipfTBX-TyOJQCq8__AyFunhg@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Dan Harkins <dharkins@lounge.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/FdtAHcXR1RmfkVml7-R0SgLiivo>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] A way out of the little/big endian dispute?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Mar 2015 13:59:26 -0000

On Mon, Mar 30, 2015 at 6:53 AM, Watson Ladd <watsonbladd@gmail.com> wrote:
>
> On Mar 29, 2015 11:33 PM, "Dan Harkins" <dharkins@lounge.org> wrote:
>>
>>
>>
>> On Sat, March 28, 2015 1:06 am, Alyssa Rowan wrote:
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA512
>> >
>> > On 2015-03-28 02:26, Phillip Hallam-Baker wrote:
>> >
>> >> Now since we are talking about TLS on the wire here we are actually
>> >> breaking the TLS spec which states
>> >
>> > No. The TLS WG explicitly declared the internals such as point formats
>> > of all new curves being specified - i.e. ours - to be completely
>> > opaque byte vectors to the TLS protocols and structures.
>> >
>> > All details of formats and endianness are explicitly _our_ problem,
>> > and not theirs. I surmise they'd prefer them to as close to the crypto
>> > and simple as possible, not abstracted away behind dreadful ASN.1
>> > bigints.
>>
>>   Big endian != ASN.1, I don't know where that's coming from. Check
>> out htonl(), it makes big endian and it involves absolutely no ASN.1.
>
> It takes an integer in an unknown range (size of int) and mungs it. How is
> that relevant to turning a number in a much larger range into a string of
> bytes?
>
>>
>> > I don't feel there's a dispute remaining: we seem to have overwhelming
>> > consensus on little-endian.
>>
>>   There certainly is a collective that is pushing for little-endian. Not
>> that
>> I'm suggesting any such thing but if we were to base one's voice in the
>> matter on how long that person has been on this list we'd get a much
>> different result.
>>
>>   Big endian has been the wire format for decades. And now all of a
>> sudden we're told to rubber stamp a little endian format just because.
>> Because that's how it was done and we can't change it, ignoring the
>> fact that little endian is the change.
>
> Change for what and for who? I assume you don't have

(Apologies for the premature send: This should continue as below)

an implementation that uses big endian. Of course, there is an ongoing
poll were very few people have stuck up for big endian. Perhaps its
because you've never been able to point to code in SSH that is more
complicated because of the use of little-endian in Curve25519, or
explain why a convention for the representation of short lengths in
network protocols has to determine the representation of opaque values
(which, as MD5 shows, it doesn't).

The whole issue is writing the function that computes the scalarmult.
You've never explained why this is made more difficult by
little-endian, while it's clear that parsing half of all fields in a
packet as little-enedian and half as big-endian is a pain. But it's
very clear that defining two functions with the same name is a bad
idea.

Sincerely,
Watson Ladd
>
>
>>
>>   Dan.
>>
>> > - --
>> > /akr
>> > -----BEGIN PGP SIGNATURE-----
>> >
>> > iQIcBAEBCgAGBQJVFmELAAoJEOyEjtkWi2t6EPcQAItcwrENtI3aAB3UOMD1sqwP
>> > dDU8SsPEKTSxOU4/aJWg1CFvmbbDZg3sFepUnB80yUcXC4wkfC4/YLFxjoJcakCS
>> > NC+cHHg6e1j62GNjrNbNQniV+e2N4cU7190vO0kPDiyrXwVxlUUSRBpXNV9IMwXZ
>> > fduDgcHDd/F/zn53htXJ4LnrLpL5An5/Ets0fYs7IjrjmscaPSWf/W3mqHvwxsf+
>> > YpAU0Q2svH2oD34qN9GqNnB5dIUfJ3ZmqeggLeohM3565In3pfItasaOioXlHE1G
>> > gCvOot9+ySmqfm0jkv3tQWmKVEbCfpw2jyycXd7ZANUcxpGbspPI3kkVRTBkwxHt
>> > UP9xXt7RUMkyc7XUK//SzG/xQtNKMSc0kXUAuS1ZcXEd4r9ggcrFcL51o7rwujlH
>> > IaualdHFnTmB3HmWUI0ANYOD8q6lrrIFcpBvum1ZHOZMu+EeOi8P3Y4+4fGRZc7R
>> > nOoWD9ZvyBWP6JdoH4kAVsMUV8fK+Y7/bP3YiU864VnvHZwtbaWpjH9SV8FJq+x/
>> > F+PcHWyCi2ck67dzWHzuIaAp3jsh32t05iMyi8XhF5jNjlcBlvuyOF4vzCc85aTp
>> > Ioz0I2HomZHbLEA5Igr7u0elcp/o3QkO/beCCZTjEJ6Jk59t53phReb4fafEeBsC
>> > Uk5uAUhrOLA2PxS7Qg/F
>> > =ZTrH
>> > -----END PGP SIGNATURE-----
>> >
>> > _______________________________________________
>> > Cfrg mailing list
>> > Cfrg@irtf.org
>> > http://www.irtf.org/mailman/listinfo/cfrg
>> >
>>
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> http://www.irtf.org/mailman/listinfo/cfrg



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin

v2.23.0 | Report a Bug | By Email