Re: [Cfrg] When in doubt, err on the side of security

David Leon Gil <coruus@gmail.com> Mon, 20 October 2014 20:33 UTC

In-Reply-To: <CACsn0ckp_qvc0gzYbDR94hC4Gbf4iXW0g2b-UQ4vfy_NWPVMow@mail.gmail.com>
References: <3C4AAD4B5304AB44A6BA85173B4675CABC705962@MSMR-GH1-UEA03.corp.nsa.gov> <CACsn0ckp_qvc0gzYbDR94hC4Gbf4iXW0g2b-UQ4vfy_NWPVMow@mail.gmail.com>
From: David Leon Gil <coruus@gmail.com>
Date: Mon, 20 Oct 2014 16:32:56 -0400
Message-ID: <CAA7UWsVL1bcXqAEjPHBB7Z0wg8Vb55wtWxbRJB_V4NfV3mfmVg@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/POXprlmUnAypdeh3IVqJjFJAvGM
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] When in doubt, err on the side of security

On Mon, Oct 20, 2014 at 3:22 PM, Watson Ladd <watsonbladd@gmail.com> wrote:
> The second issue is that the choice between performance and security is made
> worse by the absence of intermediate options. An organization that strained
> and strained to get adequate performance out of ed448goldilocks

What organization has strained and strained to get more performance out
of Ed448? Or Curve25519, for that matter?

On Mon, Oct 20, 2014 at 2:37 PM, Igoe, Kevin M. <kmigoe@nsa.gov> wrote:
> Once a security primitive has been selected, Moore’s law will naturally improve
> its performance with the passage of time. But Moore’s law and advances in
> cryptanalysis will only erode its security [ . . . ]

Proposal: Pick curve bit-length based on a fixed latency budget; say, 1 ms.
Each semiconductor node, increase bit-length as much as necessary to
keep latency the same.

Security is asymptotically guaranteed.

The CFRG could start by recommending a curve over Fq(2^4062-17), rather than
any of this nonsense about Fq(2^414-17) etc.
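A small model of the fixed-latency-budget scaling argument above, added here and not part of the thread. It assumes (my assumptions, not the author's) that an n-bit scalar multiplication costs about n^3 basic operations, that each semiconductor node doubles throughput for defender and attacker alike, and that the best generic attack is Pollard rho at roughly 2^(n/2) group operations of n^2 cost each; node 0 is calibrated so that 255 bits fits the 1 ms budget.

```python
"""Fixed-latency curve sizing: grow the bit length with each hardware node."""
import math

BASE_BITS = 255  # assumption: node 0 hardware fits a 255-bit scalar mult in the budget


def _icbrt(x: int) -> int:
    """Integer cube root (largest n with n**3 <= x), robust to float rounding."""
    n = round(x ** (1 / 3))
    while n ** 3 > x:
        n -= 1
    while (n + 1) ** 3 <= x:
        n += 1
    return n


def throughput_ops_per_ms(node: int) -> int:
    """Assumed ops/ms at semiconductor node k: doubles every node."""
    return BASE_BITS ** 3 * 2 ** node


def bit_length_for_budget(node: int, budget_ms: float = 1.0) -> int:
    """Largest n whose ~n^3-op scalar multiplication fits the latency budget."""
    return _icbrt(int(budget_ms * throughput_ops_per_ms(node)))


def attacker_log2_ms(n: int, node: int) -> float:
    """log2 of wall-clock ms for a generic attack: 2^(n/2) group ops of ~n^2 each,
    run on the same node's hardware (assumed attack cost model)."""
    return n / 2 + 2 * math.log2(n) - math.log2(throughput_ops_per_ms(node))


def schedule(nodes: int, budget_ms: float = 1.0):
    """(node, bit length, log2 attacker ms) for node 0..nodes."""
    rows = []
    for k in range(nodes + 1):
        n = bit_length_for_budget(k, budget_ms)
        rows.append((k, n, attacker_log2_ms(n, k)))
    return rows


if __name__ == "__main__":
    for k, n, cost in schedule(12):
        print(f"node {k:2d}: {n:5d}-bit curve, generic attack ~2^{cost:.1f} ms")
```

Because the defender's cost is polynomial in n while the attacker's is exponential, the attacker's estimated time keeps rising even though both sides get the same speed-up each node.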