Re: [Cfrg] Requirements for curve candidate evaluation update

Phillip Hallam-Baker <phill@hallambaker.com> Thu, 14 August 2014 02:42 UTC

In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C7185A0C9094@USMBX1.msg.corp.akamai.com>
References: <CA+Vbu7wuAcmtAKJYEgAaSBTf6sj8pRfYpJhz2qV_ER=33mrk8Q@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7185A0C8CEB@USMBX1.msg.corp.akamai.com> <CA+Vbu7zfbx-OqU=ggXgutDb+GNwvS3QpkTwzU1c+2Lcv=3Gawg@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7185A0C9094@USMBX1.msg.corp.akamai.com>
Date: Wed, 13 Aug 2014 22:42:43 -0400
Message-ID: <CAMm+Lwg8EZ-MWN4hKxzN+g5L9-GjgEGV49NqYNEnK=34qrkb+w@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: "Salz, Rich" <rsalz@akamai.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/Plm4fNE5fGUGp9LWJxIgUSYONO4
Cc: "cfrg@ietf.org" <cfrg@ietf.org>
Subject: Re: [Cfrg] Requirements for curve candidate evaluation update

+1

To be clear, I am arguing that we put HSM support way ahead of a
single model. HSM support is essential; a single model is someone's
idea of tidiness.

You might think you are going to share the sign and decrypt code but I
bet you won't.


On Wed, Aug 13, 2014 at 10:34 PM, Salz, Rich <rsalz@akamai.com> wrote:
>> Requiring a single model for everything significantly reduces opportunities for mistakes and the small performance gain of multiple models does not justify requiring the additional exposure.
>
> That's a value judgement, and different people will come to different conclusions. It's certainly not an axiomatic principle. And when I see it put forth like that, I instantly get suspicious of the people doing that. FWIW.
>
> To me, it's trading off "this is hard, and some people will get it wrong" -- when the community of people doing it is maybe a few hundred, certainly under 1K -- compared to zillions of devices in the web of things for the next couple of decades.
>
>         /r$
>
> --
> Principal Security Engineer
> Akamai Technologies, Cambridge MA
> IM: rsalz@jabber.me Twitter: RichSalz