Re: [Cfrg] Point format endian

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 28 January 2015 01:34 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5238D1A1A34 for <cfrg@ietfa.amsl.com>; Tue, 27 Jan 2015 17:34:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AQVL25InHJdr for <cfrg@ietfa.amsl.com>; Tue, 27 Jan 2015 17:34:15 -0800 (PST)
Received: from mail-lb0-x235.google.com (mail-lb0-x235.google.com [IPv6:2a00:1450:4010:c04::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB3B81A1A1E for <cfrg@irtf.org>; Tue, 27 Jan 2015 17:34:14 -0800 (PST)
Received: by mail-lb0-f181.google.com with SMTP id u10so16184577lbd.12 for <cfrg@irtf.org>; Tue, 27 Jan 2015 17:34:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=NhS/YQBFsgs8/hKpK2Ulgq78dOA9FW2Wjt579iuwf8Q=; b=a7+Rlt5kWdInSmr/xBIysLOIe0kpDJ8i/vit1jdMkgh0gSufNPUrwMiF6CXoflm0E5 4QMgQZ60cnIDaoBCCszg4El20bO1JJA9uYQKCbnVqGrgImWFZSCUrAG22/TOoouRVAcb V4fdTSIB+QbzTmNxX2OxxzPzGGr/VXlCjPAqbBzE+1vVc9+hpudAhXlSTs9aXOvapwh7 C+pTNg7FvQgfAcb6zuzHftlzI146EPmYr9k6RQqyxCYtV/xoGnp2v5xpM3DGr95dy7TX iBVAGYiv9OIhHjY3oWSkbsbnc86zX4pcDW3AdMKkB+PwjYIEAkh/JswMGWMJ6KpPH8/E JBmw==
MIME-Version: 1.0
X-Received: by 10.112.27.133 with SMTP id t5mr5018128lbg.45.1422408853353; Tue, 27 Jan 2015 17:34:13 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.112.147.193 with HTTP; Tue, 27 Jan 2015 17:34:13 -0800 (PST)
In-Reply-To: <alpine.BSO.2.11.1501280859340.16736@natsu.mindrot.org>
References: <9A043F3CF02CD34C8E74AC1594475C73AAF68325@uxcn10-tdc05.UoA.auckland.ac.nz> <54C76EED.6090205@cs.tcd.ie> <sjm386wjko8.fsf@securerf.ihtfp.org> <alpine.BSO.2.11.1501280859340.16736@natsu.mindrot.org>
Date: Tue, 27 Jan 2015 20:34:13 -0500
X-Google-Sender-Auth: nv3xRg7FYy-_XIzyVvFUh4fOb28
Message-ID: <CAMm+LwgN=bWvJYLwQXThs23jkw74wB8CgSq-HVZTVJhDOF+d2Q@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Damien Miller <djm@mindrot.org>
Content-Type: multipart/alternative; boundary="001a1133b04a6df9ab050dac5e32"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/LCRlR_zx85zTtwcb_-87KXAqxRU>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Subject: Re: [Cfrg] Point format endian
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jan 2015 01:34:16 -0000

On Tue, Jan 27, 2015 at 5:00 PM, Damien Miller <djm@mindrot.org> wrote:

> On Tue, 27 Jan 2015, Derek Atkins wrote:
>
> > Stephen Farrell <stephen.farrell@cs.tcd.ie> writes:
> >
> > > On 27/01/15 10:34, Peter Gutmann wrote:
> > >> The universal standard for crypto bignums is big-endian
> > >
> > > Hmmm.... sez who? :-)
> >
> > PKIX, OpenPGP, OpenSSH, Kerberos, TLS...  Pretty much every existing
> > IETF security standard I know of to date encodes numbers in big-endian
> > format.
>
> No, OpenSSH uses little endian encoding for X25519 and Ed25519.
>

TLS uses certificates. OpenSSH does not, it is currently using a raw key
which is a complete pain in the patootiee.

I am not going to be using any common code serializing for TLS and for
OpenSSH or GPG so the issue really does not arise there.


Internal consistency in TLS is what matters for TLS and after that internal
consistency in IETF. I really don't see why a TLS key would be used for
OpenSSH and it seems a bad idea to do so in any case. So making
transcription of keys easy is hardly a priority.