IETF Logo Mail Archive

Re: [Cfrg] Elliptic Curves - poll on specific curve around 256bit work factor (ends on February 23rd)

Michael Hamburg <mike@shiftleft.org> Fri, 20 February 2015 18:56 UTC

Return-Path: <mike@shiftleft.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AA591A039C for <cfrg@ietfa.amsl.com>; Fri, 20 Feb 2015 10:56:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.556
X-Spam-Level: *
X-Spam-Status: No, score=1.556 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_NET=0.311, HTML_MESSAGE=0.001, RDNS_DYNAMIC=0.982, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qeDsl9TwGTfR for <cfrg@ietfa.amsl.com>; Fri, 20 Feb 2015 10:55:58 -0800 (PST)
Received: from aspartame.shiftleft.org (199-116-74-168-v301.PUBLIC.monkeybrains.net [199.116.74.168]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1A4F1A0074 for <cfrg@irtf.org>; Fri, 20 Feb 2015 10:55:58 -0800 (PST)
Received: from [10.184.148.249] (unknown [209.36.6.242]) by aspartame.shiftleft.org (Postfix) with ESMTPSA id 9551E3AA12; Fri, 20 Feb 2015 10:54:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=shiftleft.org; s=sldo; t=1424458464; bh=aWpGgXrR79oOjb5u7mjAs4/oMGn2eh+qAK4iLuAYnxo=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=N4rVyo8KFY2vkOFadrLjP15WaldAKXq8I6n1eS6H92Kzjsg7rTutbsV6L4Btcp7dP qbkNLgPz75JtE5GCNw3aVqyRH8j+c5cxf9Zw3smnO3Fgh/9wVvlaQ+icKMtchoRN7e ay/oCfbgzP1MNjc0ztlxEvfTSo7BT0KbJK8LDtfk=
Content-Type: multipart/alternative; boundary="Apple-Mail=_0B0CA628-4C62-4F89-BE5F-D4E64FDFFF43"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
From: Michael Hamburg <mike@shiftleft.org>
In-Reply-To: <CACsn0c=eqcXm+ir75Qm9PvP5QhdZf_kfVYn2sE-mcHwNtqbP7A@mail.gmail.com>
Date: Fri, 20 Feb 2015 10:55:56 -0800
Message-Id: <8B1CC23A-EF57-44D5-BBA2-4BA6C6E21B83@shiftleft.org>
References: <54E46EA4.9010002@isode.com> <CAHOTMVKCD+DK6QbSuy8R63FVnu_WBNmwMvByqicx=sK6_k63HQ@mail.gmail.com> <D10CAF3B.3F266%kenny.paterson@rhul.ac.uk> <CAMm+Lwhj9H_NK22QbTB7=EFd7GBg0WprwRMN8RxH3+7r_buf7g@mail.gmail.com> <CACsn0c=eqcXm+ir75Qm9PvP5QhdZf_kfVYn2sE-mcHwNtqbP7A@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/OOlgliApoNGF1v0GbYTx3kODKEw>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] Elliptic Curves - poll on specific curve around 256bit work factor (ends on February 23rd)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Feb 2015 18:56:01 -0000

I agree that more and better polling would have been a good idea, and to some degree is still a good idea.  If we had used these consensus tools starting several months ago it would have been good for progress.  Using them now is also fine, but we’d have to make sure to be really brief with the “why no?”, which would otherwise be an important part of the consensus process.

For the record:

379: Acceptable, but prefer 1 mod 4.
384: No, unless benchmarks turn out fine on multiple platforms (eg ARM +- NEON).
389: Preferred.
414: Acceptable
448: Preferred
480: Acceptable
512: No, unless benchmarks turn out fine on multiple platforms.
521: Preferred

Cheers,
— Mike

> On Feb 20, 2015, at 10:17 AM, Watson Ladd <watsonbladd@gmail.com> wrote:
> 
> 
> On Feb 20, 2015 9:21 AM, "Phillip Hallam-Baker" <phill@hallambaker.com <mailto:phill@hallambaker.com>> wrote:
> >
> >
> >
> > On Fri, Feb 20, 2015 at 4:32 AM, Paterson, Kenny <Kenny.Paterson@rhul.ac.uk <mailto:Kenny.Paterson@rhul.ac.uk>> wrote:
> >>
> >> Hi Tony,
> >>
> >> On 20/02/2015 06:53, "Tony Arcieri" <bascule@gmail.com <mailto:bascule@gmail.com>> wrote:
> >>
> >> >On Wed, Feb 18, 2015 at 2:51 AM, Alexey Melnikov
> >> ><alexey.melnikov@isode.com <mailto:alexey.melnikov@isode.com>> wrote:
> >> >
> >> >CFRG chairs are starting another poll:
> >> >
> >> >Q3: (For people who want CFRG to recommend a curve at 256bit level) Is
> >> >bandwidth cost of going to p521 worth the speed win over primes closer to
> >> >512 bits?
> >> >
> >> >
> >> >
> >> >Have you considered doing a poll of what specific curves people actually
> >> >want to use?
> >> >
> >>
> >> Yes, we considered a number of different ways of narrowing down our
> >> choices. However, we settled on doing it this way. Please stick with us.
> >>
> >> Cheers,
> >>
> >> Kenny
> >>
> >
> > Well maybe if we had discussed it first. As it is your poll completely mis-states the reasons people prefer 512 over 521. Which rather undercuts the whole process.
> 
> We've been discussing these issues for nearly a full year. You've had and taken ample opportunity to explain why you don't like E-521, and the fact that no one else is convinced has a lot to do with the strength of your arguments.
> 
> >
> > The way I would do this is as a Quaker poll asking people what their preferred outcome is and what they can live with on 448, 480, 512 and 521.
> >
> > 448 - No
> > 480 - Acceptable
> > 512 - Preferred 
> > 521 - No
> >
> > This is meant to be a consensus process and we should be using consensus seeking tools wherever possible. Votes for the best outcome are not the best way to come to consensus.
> 
> No, it's about using our expertise to make the right decision. If your arguments are wrong, don't expect us to pay attention.
> 
> >
> > _______________________________________________
> > Cfrg mailing list
> > Cfrg@irtf.org <mailto:Cfrg@irtf.org>
> > http://www.irtf.org/mailman/listinfo/cfrg <http://www.irtf.org/mailman/listinfo/cfrg>
> >
> 
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email