IETF Logo Mail Archive

Re: [Cfrg] Meeting notes

Watson Ladd <watsonbladd@gmail.com> Fri, 27 March 2015 21:47 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95D591A92AA for <cfrg@ietfa.amsl.com>; Fri, 27 Mar 2015 14:47:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BsHj84j7aYup for <cfrg@ietfa.amsl.com>; Fri, 27 Mar 2015 14:47:56 -0700 (PDT)
Received: from mail-wi0-x22a.google.com (mail-wi0-x22a.google.com [IPv6:2a00:1450:400c:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AE051B2B13 for <cfrg@irtf.org>; Fri, 27 Mar 2015 14:47:56 -0700 (PDT)
Received: by wibg7 with SMTP id g7so40860280wib.1 for <cfrg@irtf.org>; Fri, 27 Mar 2015 14:47:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=PIFnAxiaQ1bLzH535OqA4ne+zZzlS/+8i9Cq+gqQdFs=; b=rwONQ7xXlnlF/hB02G59o9sIZvRWwfpttMQqREt1/XMYFSHWgzmQZ5RMGMP7VwwMp0 zniQ27zovmPs4iZMDqHm06MDJLk/shiFGXuUD30s3DKc/ZWqGR3mEl4+Qr6dydQ8liSo E7ysQUMgTSeiQCWHEPH50D9NVDj3hH+/pLt5EyPP8GXaQ0v3O/O9W19kPny06292c2wi cyUB4yI0PJuEA4omw23ANk/65dFQ8nbc/A6IAa9E3rZPUo/UfPnlMF2NooxZX85+9dx+ +RAUnqjF+6atTLq7C5OxwqzI4C5exZKK7zjVgNF9al68lQ906Tm/pvS4fIK3D6513dHl AXvQ==
MIME-Version: 1.0
X-Received: by 10.180.80.101 with SMTP id q5mr1360334wix.83.1427492874924; Fri, 27 Mar 2015 14:47:54 -0700 (PDT)
Received: by 10.194.136.233 with HTTP; Fri, 27 Mar 2015 14:47:54 -0700 (PDT)
Received: by 10.194.136.233 with HTTP; Fri, 27 Mar 2015 14:47:54 -0700 (PDT)
In-Reply-To: <49380f24bf3d6268074800b37a566a71.squirrel@mail2.ihtfp.org>
References: <CAHOTMVKUyNsA7ux4epk8LwR0w0Eh7dh0G3xTXB3O9m8jQPS3EQ@mail.gmail.com> <0C65868C-1725-4B32-A562-62C9DF36A956@gmail.com> <c65696d44c65b12478532bcb01fb2ef3.squirrel@mail2.ihtfp.org> <94D99ECB-98CA-4D25-897D-BA4BA8178409@gmail.com> <49380f24bf3d6268074800b37a566a71.squirrel@mail2.ihtfp.org>
Date: Fri, 27 Mar 2015 14:47:54 -0700
Message-ID: <CACsn0cmfC66STymhbs3NacUoBt-TvkZ7Ghk78rSrG51r8p50jw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Derek Atkins <derek@ihtfp.com>
Content-Type: multipart/alternative; boundary="f46d04428f38baba4305124c1541"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/GsghSA5AlQywTSOO7zB6cERBbkA>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] Meeting notes
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Mar 2015 21:47:58 -0000

On Mar 27, 2015 1:56 PM, "Derek Atkins" <derek@ihtfp.com> wrote:
>
> Hi,
>
> On Fri, March 27, 2015 10:44 am, Yoav Nir wrote:
> >
> >> On Mar 27, 2015, at 8:29 AM, Derek Atkins <derek@ihtfp.com> wrote:
>
> >> AE has a set of public parameters that you use to generate keypairs
that
> >> can communicate (the equivalent of an ECC Curve or DH Prime).  The
issue
> >> is that you need random data to generate those public parameters, and
> >> that
> >> random data needs to be kept secret.  Once the parameters are generated
> >> you don't need access to the random data ever again, but the issue, as
I
> >> understand it, is "how do you know that that random data wasn't
> >> compromised during the parameter generation process?"
> >>
> >> Hopefully this better explains the issue?
> >
> > Not quite. For ECC and DH these parameters were generated once, and then
> > those public parameters were published in an RFC or NIST document. So 10
> > years after their generation, we still use those public parameters and
we
> > don’t ever need access to any random data that was used to generate
them.
> > They’re hard-coded in every implementation.
> >
> > Is that the same for AE?
>
> Yes.
>
> >          Because if it is, you could just generate those
> > parameters, stick them in the draft and be done with it (up to some NUMS
> > claims that can be solved with a key generation ceremony that need
happen
> > only once.
>
> Exactly.

NIST published the seeds used. But in an email above it's claimed the
random data used must be secret. This us a large difference from ECC.
>
> > Thanks.
> >
> > Yoav
>
> -derek
>
> --
>        Derek Atkins                 617-623-3745
>        derek@ihtfp.com             www.ihtfp.com
>        Computer and Internet Security Consultant
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email