Re: [Cfrg] On the use of Montgomery form curves for key agreement

Benjamin Black <b@b3k.us> Tue, 02 September 2014 21:33 UTC

From: Benjamin Black <b@b3k.us>
Date: Tue, 02 Sep 2014 14:33:34 -0700
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/JXyx2SQvnCk9ruJnLlN61RrfHrk
Cc: "cfrg@ietf.org" <cfrg@ietf.org>
Subject: Re: [Cfrg] On the use of Montgomery form curves for key agreement

Why would new cipher suites be required to use new curves? Do you mean new
named curve code points rather than cipher suites?

Though our reasons are different, it sounds like we agree on leaving wire
formats to the WGs.


On Tue, Sep 2, 2014 at 1:30 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
> Just on this point...
>
> On 02/09/14 02:50, Benjamin Black wrote:
> > The various working groups and standards bodies have already answered the
> > question of what goes on the wire.
>
> That's not correct. When CFRG finish doing a great job here, then
> the TLS WG will have to assign new codepoints for ciphersuites and
> there is nothing stopping them defining new encodings at that point
> if that's needed. That'd just not be a big deal. And the same is
> true of other IETF activities. So what goes on the wire should be
> a non-issue for this discussion really.
>
> There is a connection with Russ' point about code re-use, but that's
> much better considered in the way Russ framed it, as an implementation
> issue and not as a protocol issue. Note that I'm not saying here that
> I share Russ' concerns or conclusions, (not having implemented any
> ECC myself) but I do think his question is the right one to ask.
>
> S.
>