Re: [Cfrg] draft-black-rpgecc-00-.txt [was: Consensus and a way forward]

Alyssa Rowan <akr@akr.io> Thu, 27 November 2014 22:13 UTC

Message-ID: <5477A208.2030709@akr.io>
Date: Thu, 27 Nov 2014 22:13:28 +0000
From: Alyssa Rowan <akr@akr.io>
To: Alexey Melnikov <alexey.melnikov@isode.com>
References: <CA+Vbu7xvvfRWyqyE9sqU7VbjzNQZp+DwRWjaV3Lw0hjLr8ye1A@mail.gmail.com> <5476CB73.7090206@akr.io> <92355F08-6319-4382-A87E-8C11D7325695@isode.com>
In-Reply-To: <92355F08-6319-4382-A87E-8C11D7325695@isode.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/I5_3jH1ukmZZb9HYLe_-wv3vDXc
Cc: "cfrg@irtf.org" <cfrg@irtf.org>

On 27/11/2014 20:45, Alexey Melnikov wrote:

> While it would be nice to have an open source implementation with
> a liberal license, there is no requirement to have an open source 
> implementation to consider this proposal. And IRTF process doesn't 
> require that either.

Indeed. But given the previous comments about benchmarking, how would
we fairly evaluate it otherwise - and moreover, how attractive would the
resulting proposal actually be to others?

As Adam's pointed out, this proposal has generated something extremely
close to an existing curve that's already on the table. I am not sure
that there is a good clear justification for the only thing
differentiating this proposal from that proposal; I don't currently
think it's an improvement there.

If we added - on the basis of wanting to ensure secure implementations
of many possible things we might use it for (such as ECDH) are as simple
as possible - the pretty reasonable criteria that there should be no
weak keys, it would generate Curve25519, I understand. I would accept
that outcome: and it has been very warmly received by the RG before, I
recall. And then we'd have an equally clear process for a larger curve.
(I bear Mike's comments in mind, of course; it needs discussion.)

If we didn't want to do that, I'd want to be crystal-clear about the
value of why not, and hence why anyone outside would ever want to
choose this proposal above Curve25519. (Because right now, I wouldn't.)

> I don't think asking for a transcript of all such discussions is 
> reasonable. Repeating some of the discussion, in particular in 
> response to clarifying questions might be.

Having reconsidered: perhaps you're right! I simply wish the process to
be as transparently and openly argued as possible, that's all: that is,
after all, the primary value of IRTF making such recommendations, rather
than major players such as Google and Microsoft making them by fiat.

> People should treat the draft as any other contribution to the ECC 
> discussion in the RG.

Indeed; I think it is a very encouraging sign overall, and provides a
very good base narrowing the points (if you'll forgive the pun!) of
technical contention. Hopefully we can converge on curves which are
widely acceptable.

-- 
/akr