Re: [Cfrg] Task looming over the CFRG
David McGrew <mcgrew@cisco.com> Mon, 05 May 2014 19:37 UTC
Return-Path: <mcgrew@cisco.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C8C41A019C for <cfrg@ietfa.amsl.com>; Mon, 5 May 2014 12:37:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.151
X-Spam-Level:
X-Spam-Status: No, score=-10.151 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1H5XA7VrfUhv for <cfrg@ietfa.amsl.com>; Mon, 5 May 2014 12:37:49 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) by ietfa.amsl.com (Postfix) with ESMTP id F10951A019B for <cfrg@irtf.org>; Mon, 5 May 2014 12:37:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=13999; q=dns/txt; s=iport; t=1399318665; x=1400528265; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to; bh=WRaZ6Ua1Nx7rfQx8LAeyNqCvofrOTJVU87x5Yzs/a5s=; b=DnXYGfUTVUQzrr2yKVYct6QfBGv32DvAaWc+Kl3yQ32OQgbmb9QHT4wL t73g3Nz0huUOHzzdKL+n9lM0zt/3RDa5CuPTDAt59kCMV7/HBupAGpXcb a347u3OakeWrdZ/ByN7oQul+S5Ie82MWysRN/rckbix9+X2phv3KS4diG E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApAFAHvnZ1OtJA2M/2dsb2JhbABZgkJET4kctEcBhzqBGhZ0giUBAQEDAQEBAWUGCgEFCwsOCgkWCAcJAwIBAgEVHxEGDQEFAgIFC4glCA3NMReJMYJ7K4EYYwYBhD8EhUmTa4ZkjBCDUCE
X-IronPort-AV: E=Sophos; i="4.97,990,1389744000"; d="scan'208,217"; a="41181637"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-1.cisco.com with ESMTP; 05 May 2014 19:37:43 +0000
Received: from [10.0.2.15] (rtp-mcgrew-8914.cisco.com [10.117.10.229]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id s45JbhCc024183; Mon, 5 May 2014 19:37:43 GMT
Message-ID: <5367E85F.1050009@cisco.com>
Date: Mon, 05 May 2014 15:37:03 -0400
From: David McGrew <mcgrew@cisco.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131103 Icedove/17.0.10
MIME-Version: 1.0
To: Michael Hamburg <mike@shiftleft.org>
References: <3C4AAD4B5304AB44A6BA85173B4675CABAA4022F@MSMR-GH1-UEA03.corp.nsa.gov> <E98B42D5-610C-4532-B765-5819A35A456C@shiftleft.org>
In-Reply-To: <E98B42D5-610C-4532-B765-5819A35A456C@shiftleft.org>
Content-Type: multipart/alternative; boundary="------------030109060501060909040005"
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/NrUBJSySOIqyYtnv76lpJ0bq2hY
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Task looming over the CFRG
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 19:37:53 -0000
Hi Michael, On 05/05/2014 02:25 PM, Michael Hamburg wrote: > Hi Kevin, > > As the designer of an ECC system which is aimed at 224-ish-bit > security, I'm curious: is it a firm requirement that the curves be set > at 128, 192 and 256 bits? Eric Rescorla suggested that CFRG recommend a single family of curves, as opposed to recommending multiple curves at each security level. The security levels that you mention were his examples, and are good ones in my opinion. But there was no explicit discussion of whether or not there should be curves at other security levels. David > Or was there consensus in the meeting that the curves should be set at > these security levels? Patrick Longa aimed his talk at these security > levels, but I don't recall this being stated as a requirement. > > Cheers, > --- Mike > > > On May 5, 2014, at 10:58 AM, Igoe, Kevin M. <kmigoe@nsa.gov > <mailto:kmigoe@nsa.gov>> wrote: > >> As most the folks who read this list have noticed, a virtual interim >> meeting of the CFRG >> was held on Tues 29 April to discuss the way forward for elliptic >> curve cryptography >> in the IETF. */This/**/was/**/driven by an earnest plea from the TLS >> WG for firm/**//**/guidance/**/from >> the CGRG/**/on the selection of elliptic curves/**//**/for use in >> TLS. They need an answer/**/before >> /**/the/**/Toronto/**/IETF meeting i/**/n/**//**/late July/*. TLS >> needs curves for several*//*levels of security (128, >> 192 and 256), suitable for use in both key agreement and*//*in >> digital signatures. >> >> * The consensus of the attendees was that it would be best for TLS >> to have a single >> "mandatory to implement" curve for each of the three security levels. >> >> * Though the attendees were reluctant to make a formal commitment, >> there >> was clearly a great deal of support for the Montgomery curve >> curve25519 (FYI, the >> 25519 refers to the fact that arithmetic is done modulo the prime >> 2**255 -- 19 ). >> >> * curve25519 only fills one of the three required security levels. >> We still need >> curves of size near 384 bits and 512 bits. >> >> * NIST curves: I doubt TLS will be willing to revisit the question >> of elliptic curves once the >> CFRG has made their recommendation. Another option to consider >> is advising TLS to >> use of the NIST curves in the short term, buying time for the >> CFRG to do an unrushed >> exploration of the alternatives, drawing academia and other >> standards bodies into the >> discussion. >> >> P.S. It has been suggested that the CFRG hold a session at the >> Crypto conference in >> Santa Barbara in an effort to draw in more participation from the >> academic community. >> No guarantees we can pull this off, but it is worth the attempt. >> Thoughts? Volunteers? >> P.P.S. We need to start lining up speakers for the CFRG session at >> IETF-90 (Toronto). >> ----------------+-------------------------------------------------- >> Kevin M. Igoe | "We can't solve problems by using the same kind >> kmigoe@nsa.gov <mailto:kmigoe@nsa.gov> | of thinking we used when we >> created them." >> | - Albert Einstein - >> ----------------+-------------------------------------------------- >> _______________________________________________ >> Cfrg mailing list >> Cfrg@irtf.org <mailto:Cfrg@irtf.org> >> http://www.irtf.org/mailman/listinfo/cfrg > > > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg
- [Cfrg] Task looming over the CFRG Igoe, Kevin M.
- Re: [Cfrg] Task looming over the CFRG Michael Hamburg
- Re: [Cfrg] Task looming over the CFRG Rene Struik
- Re: [Cfrg] Task looming over the CFRG Paul Lambert
- Re: [Cfrg] Task looming over the CFRG Rene Struik
- Re: [Cfrg] Task looming over the CFRG David McGrew
- Re: [Cfrg] Task looming over the CFRG Igoe, Kevin M.
- Re: [Cfrg] Task looming over the CFRG Paul Lambert
- Re: [Cfrg] Task looming over the CFRG Michael Hamburg
- Re: [Cfrg] Task looming over the CFRG Blumenthal, Uri - 0668 - MITLL
- Re: [Cfrg] Task looming over the CFRG Michael Hamburg
- Re: [Cfrg] Task looming over the CFRG Watson Ladd
- Re: [Cfrg] Task looming over the CFRG Johannes Merkle
- Re: [Cfrg] Task looming over the CFRG Igoe, Kevin M.
- Re: [Cfrg] Task looming over the CFRG Johannes Merkle
- Re: [Cfrg] Task looming over the CFRG Paul Lambert
- Re: [Cfrg] Task looming over the CFRG Watson Ladd
- Re: [Cfrg] Task looming over the CFRG Blumenthal, Uri - 0558 - MITLL