Re: [Cfrg] big-endian short-Weierstrass please

Phillip Hallam-Baker <phill@hallambaker.com> Sun, 01 February 2015 12:30 UTC

In-Reply-To: <54CDD682.9050503@brainhub.org>
References: <810C31990B57ED40B2062BA10D43FBF5D42BDA@XMB116CNC.rim.net> <87386ug2r7.fsf@alice.fifthhorseman.net> <810C31990B57ED40B2062BA10D43FBF5D4413B@XMB116CNC.rim.net> <87r3ueedx7.fsf@alice.fifthhorseman.net> <CAMm+Lwj6eG_KAhb-r5QrDeui7w8AoSN=71X8ywEyn9jj0rALQg@mail.gmail.com> <54C9DD8E.9040302@akr.io> <54CA0591.3070308@cs.tcd.ie> <CAMm+Lwi5skMnsaPxSzdVmDtHTjjGPRJ54xpaF8GL84ihMHePrA@mail.gmail.com> <54CDD682.9050503@brainhub.org>
Date: Sun, 01 Feb 2015 07:30:36 -0500
Message-ID: <CAMm+LwhLnUxz1iLeRXyC-N12r2khD9vCXdqm+mM4+SP-c=_N9A@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Andrey Jivsov <crypto@brainhub.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/PhWBrQMhlkl8IwXmyb0qVcEigGI>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>

On Sun, Feb 1, 2015 at 2:32 AM, Andrey Jivsov <crypto@brainhub.org> wrote:

> On 01/29/2015 05:21 AM, Phillip Hallam-Baker wrote:
>
>> So by FIPS-140 equivalent, what is meant is something that we can get a
>> group of experts to agree is equivalent and safe. It probably means that
>> the hardware is certified FIPS-140 but not necessarily for the
>> particular algorithm. This may or may not require wording changes but I
>> don't expect they would be controversial.
>>
>
> Unless the new curve is accepted along the lines of P-256 by NIST, it will
> be treated not much differently than Camellia (or DES).
>
> Without this change, the new curve is a Non-Approved security function and
> it can only be used in non-Approved modes of operation. Crypto module
> documentation will need to make this clear, per FIPS 140-2.
>
> It's a known trick to certify only AES and then somehow make an impression
> that other algorithms are covered by the same module. NIST put multiple
> notes to make this harder. Thus, NIST will need to explicitly bless the new
> curve. A precedent for this is the TLS KDF.
It would be necessary if NIST made the rules for CAs, but they don't.

The question is whether NIST is going to stay relevant to its primary
function of supporting commerce or not.