Re: [Cfrg] EC signature: next steps

Simon Josefsson <simon@josefsson.org> Mon, 31 August 2015 13:07 UTC

From: Simon Josefsson <simon@josefsson.org>
To: Alexey Melnikov <alexey.melnikov@isode.com>
References: <55DD906F.3050607@isode.com> <D2035132.531EE%kenny.paterson@rhul.ac.uk> <55DDA21D.9060302@isode.com> <55DF3E3C.7020206@isode.com> <55E42414.3020805@isode.com>
Date: Mon, 31 Aug 2015 15:06:43 +0200
In-Reply-To: <55E42414.3020805@isode.com> (Alexey Melnikov's message of "Mon, 31 Aug 2015 10:53:24 +0100")
Message-ID: <8737yz4nfg.fsf@latte.josefsson.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/Nj47ycHmPD0V3Z4kkrKY8jgHpYk>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] EC signature: next steps

Alexey Melnikov <alexey.melnikov@isode.com> writes:

> - are there important characteristics or points of comparison that
> Ilari's summary does not cover?

1) Maturity.  Ed25519 was published through CHES in 2011 and has been
peer-reviewed since then.  I would appreciate it if someone could find
dates of publications on the other proposals and find out how much
scientific review they have seen.

2) Implementation status.  There are many Ed25519 implementations
around, many are freely available with source code under liberal
licenses.  Understanding the status of the other proposals would be
useful too.

3) Deployment.  Ed25519 is implemented and deployed by two IETF
protocols (SSH and OpenPGP), with more on their way.  There are many
libraries around for implementation, see
<http://ianix.com/pub/ed25519-deployment.html>.

> - are there errors of fact or omission that need to be corrected?

1) I don't understand this part of Ilari's writeup: 'dictated by
???'.

2) I disagree with 'Neither personalization nor firewalling is
supported.'  As far as I understand what Ilari intends, both are
supported in the sense that they can be added by a higher-level
abstraction, which I believe is a more appropriate approach than jamming
this into the signature primitive.

3) What is NPOT?

/Simon
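As an added illustration of the point in item 2 above (not code from Simon, Ilari, or any Ed25519 implementation), the following shows personalization and firewalling layered on top of an unmodified Ed25519 primitive: the higher-level wrapper length-prefixes a context string to the message before signing, so a signature produced for one protocol does not verify under another context. The Ed25519 core is a compact textbook implementation (slow, not constant-time, for illustration only); the `sign_with_context` / `verify_with_context` names and the one-byte-length framing format are assumptions of this example, not anything from the thread.

```python
# Added example, not from the CFRG thread: personalization ("firewalling")
# layered over plain Ed25519 by framing the message, leaving the primitive
# untouched. Ed25519 core = compact textbook code (slow, not constant-time).
import hashlib
Q = 2**255 - 19                                       # field prime
L = 2**252 + 27742317777372353535851937790883648493   # base point order
def _inv(x):
    return pow(x, Q - 2, Q)
D = (-121665 * _inv(121666)) % Q   # curve constant d
SQRT_M1 = pow(2, (Q - 1) // 4, Q)  # sqrt(-1) mod Q

def _sha512_int(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")

def _xrecover(y):
    # Solve x^2 = (y^2 - 1)/(d*y^2 + 1) and return the even root.
    xx = (y * y - 1) * _inv(D * y * y + 1)
    x = pow(xx, (Q + 3) // 8, Q)
    if (x * x - xx) % Q != 0:
        x = (x * SQRT_M1) % Q
    return Q - x if x % 2 else x

BY = (4 * _inv(5)) % Q
BASE = (_xrecover(BY), BY)

def _add(p1, p2):
    x1, y1 = p1
    x2, y2 = p2
    x3 = (x1 * y2 + x2 * y1) * _inv(1 + D * x1 * x2 * y1 * y2)
    y3 = (y1 * y2 + x1 * x2) * _inv(1 - D * x1 * x2 * y1 * y2)
    return (x3 % Q, y3 % Q)

def _mul(p, e):
    acc = (0, 1)   # neutral element; plain double-and-add (demo only)
    while e:
        if e & 1:
            acc = _add(acc, p)
        p = _add(p, p)
        e >>= 1
    return acc

def _encode_point(p):
    return (p[1] | ((p[0] & 1) << 255)).to_bytes(32, "little")

def _decode_point(s):
    y = int.from_bytes(s, "little") & ((1 << 255) - 1)
    x = _xrecover(y)
    if (x & 1) != (s[31] >> 7):
        x = Q - x
    if (-x * x + y * y - 1 - D * x * x * y * y) % Q != 0:
        raise ValueError("point not on curve")
    return (x, y)

def _secret_scalar(sk):
    h = hashlib.sha512(sk).digest()
    a = int.from_bytes(h[:32], "little")
    return (a & ((1 << 254) - 8)) | (1 << 254), h[32:]   # clamped a, prefix

def public_key(sk):
    return _encode_point(_mul(BASE, _secret_scalar(sk)[0]))

def sign(sk, pk, msg):
    a, prefix = _secret_scalar(sk)
    r = _sha512_int(prefix, msg) % L
    R = _encode_point(_mul(BASE, r))
    s = (r + _sha512_int(R, pk, msg) * a) % L
    return R + s.to_bytes(32, "little")

def verify(pk, msg, sig):
    if len(sig) != 64:
        return False
    try:
        R, A = _decode_point(sig[:32]), _decode_point(pk)
    except ValueError:
        return False
    s = int.from_bytes(sig[32:], "little")
    if s >= L:   # reject non-canonical s (signature malleability)
        return False
    return _mul(BASE, s) == _add(R, _mul(A, _sha512_int(sig[:32], pk, msg)))

def _framed(context, msg):
    # Assumed framing: one length byte, the context, then the message.
    if len(context) > 255:
        raise ValueError("context too long")
    return bytes([len(context)]) + context + msg

def sign_with_context(sk, pk, context, msg):
    return sign(sk, pk, _framed(context, msg))

def verify_with_context(pk, context, msg, sig):
    return verify(pk, _framed(context, msg), sig)

def demo():
    sk = bytes(range(32))   # constructed sample key; use os.urandom(32) in practice
    pk = public_key(sk)
    sig = sign_with_context(sk, pk, b"proto-A", b"hello")
    return (verify_with_context(pk, b"proto-A", b"hello", sig),
            verify_with_context(pk, b"proto-B", b"hello", sig),
            verify(pk, b"hello", sig))
```

`demo()` returns `(True, False, False)`: the signature verifies under its own context, fails under a different context, and fails as a plain signature over the bare message. The firewall only holds if a key is used exclusively through the wrapper; if the same key also signs raw messages, a raw message whose bytes happen to equal a framed `(context, msg)` would verify under that context. That key-separation discipline is the higher-level policy the wrapper relies on, which is exactly what keeps the primitive itself unchanged.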