Re: [Cfrg] Request from W3C WebCrypto Working Group - confirmation on recommendation

Watson Ladd <watsonbladd@gmail.com> Mon, 09 March 2015 17:00 UTC

On Mar 9, 2015 9:26 AM, "Harry Halpin" <hhalpin@w3.org> wrote:
>
>
>
> On 03/06/2015 10:07 PM, Watson Ladd wrote:
> > On Mar 6, 2015 12:53 PM, "Harry Halpin" <hhalpin@w3.org> wrote:
> >>
> >> CFRG,
> >>
> >> The W3C Web Cryptography Working Group has a deadline of March 12th on
> >> their dependency on CFRG's recommendations, in particular [1]:
> >>
> >> "The WG will not decide which additional curve to integrate before
> >> IETF/CFRG shares its recommendation. Once this recommendation shared,
> >> based on timing constraint, algorithm maturity, the WG will make
> >> decision about integrating the curves, in accordance with the extensible
> >> mechanism the WG will decide, according to bug 25618. In case IETF/CFRG
> >> does not share recommendation before the Web Crypto API move to Proposed
> >> Recommendation, there will be no curve added."
> >>
> >> Thus, unless there is something I'm not aware of, the CFRG has
> >> recommended for the 128 bit security level the curve specified in this
> >> document:
> >>
> >> https://tools.ietf.org/html/draft-irtf-cfrg-curves-01
> >
> > It's not enough to have a curve. One needs to know what the values are
> > that need to be computed, and how these values are represented.
>
> Note that Trevor Perrin started down this path re ECDH:
>
> http://www.w3.org/2012/webcrypto/WebCryptoCurve25519/Curve25519-WebCrypto.html

Based on Bernstein's definition, which there is no reason to change. But the
CFRG is contemplating OrangeBikeShed as an alternative, which reverses the
bytes.

The problem is that you will potentially need both. But there's an easy
solution: encourage the CFRG not to unnecessarily multiply confusion by
specifying a big endian variant.

>
> So we could continue and co-ordinate with CFRG re representational
> issues. However, we need a clear signal from CFRG that indeed, Curve
> 25519 would be suitable for the 128 bit security level. I believe that
> consensus has been found inside CFRG, not sure when the plan was to send
> it to the outside world.

I think this is more a question for the chairs.

>
>    cheers,
>         harry
>
> >
> > Sincerely,
> > Watson Ladd
> >>
> >>   cheers,
> >>       harry
> >>
> >> [1] http://www.w3.org/2012/webcrypto/DispositionOfComments/WebCryptoDispositionOfComments.html
> >
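
The byte-order problem raised in this message, as an added example that is not part of the original post: a minimal Curve25519 Diffie-Hellman (Montgomery ladder following the RFC 7748 formulas) in which `order="big"` models a hypothetical byte-reversed wire encoding. The function names and key bytes are constructed for illustration; the secret scalar is kept little-endian in both variants.

```python
# Added illustration: not constant-time, do not use for real keys.
P = 2**255 - 19
A24 = 121665

def clamp(k: bytes) -> int:
    """Decode a 32-byte secret scalar (little-endian) with the usual clamping."""
    b = bytearray(k)
    b[0] &= 248; b[31] &= 127; b[31] |= 64
    return int.from_bytes(b, "little")

def ladder(k: int, u: int) -> int:
    """Montgomery ladder: x-coordinate of k times the point with x-coordinate u."""
    x2, z2, x3, z3, swap = 1, 0, u, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, u * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return x2 * pow(z2, P - 2, P) % P

def x25519(k: bytes, u: bytes, order: str = "little") -> bytes:
    # order = wire byte order of the u-coordinate ("big" is the hypothetical variant).
    u_int = int.from_bytes(u, order) % 2**255  # top bit of the integer is ignored
    return ladder(clamp(k), u_int).to_bytes(32, order)

def exchange(order_a: str, order_b: str):
    """One DH exchange; each side encodes and decodes with its own byte order."""
    ka, kb = bytes(range(1, 33)), bytes(range(101, 133))  # constructed sample keys
    pub_a = x25519(ka, (9).to_bytes(32, order_a), order_a)
    pub_b = x25519(kb, (9).to_bytes(32, order_b), order_b)
    return x25519(ka, pub_b, order_a), x25519(kb, pub_a, order_b)

if __name__ == "__main__":
    for pair in [("little", "little"), ("big", "big"), ("big", "little")]:
        sa, sb = exchange(*pair)
        print(pair, "agree" if sa == sb else "MISMATCH")
```

Either encoding works when both peers use it, and the two variants produce the same secret up to byte reversal; a mixed pair silently derives unrelated secrets, which is why an API exposing both would have to tag every key with its format.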