[Cfrg] Actual security levels for IETF crypto
"D. J. Bernstein" <djb@cr.yp.to> Mon, 27 October 2014 05:35 UTC
Return-Path: <djb-dsn2-1406711340.7506@cr.yp.to>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A4721A8998 for <cfrg@ietfa.amsl.com>; Sun, 26 Oct 2014 22:35:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.7
X-Spam-Level:
X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_LOW=-0.7, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sYavT14IPblh for <cfrg@ietfa.amsl.com>; Sun, 26 Oct 2014 22:34:59 -0700 (PDT)
Received: from mace.cs.uic.edu (mace.cs.uic.edu [131.193.32.224]) by ietfa.amsl.com (Postfix) with SMTP id B8F2B1A8996 for <cfrg@irtf.org>; Sun, 26 Oct 2014 22:34:58 -0700 (PDT)
Received: (qmail 15743 invoked by uid 1011); 27 Oct 2014 05:34:53 -0000
Received: from unknown (unknown) by unknown with QMTP; 27 Oct 2014 05:34:53 -0000
Received: (qmail 13078 invoked by uid 1001); 27 Oct 2014 05:34:52 -0000
Date: Mon, 27 Oct 2014 05:34:52 -0000
Message-ID: <20141027053452.13077.qmail@cr.yp.to>
From: "D. J. Bernstein" <djb@cr.yp.to>
To: cfrg@irtf.org
Mail-Followup-To: cfrg@irtf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/QvI6X1yZz85YY8v8AzCYWhLl8sA
Subject: [Cfrg] Actual security levels for IETF crypto
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Oct 2014 05:35:00 -0000
CFRG's stated goal in the curve-selection process is to "provide real value" not just to TLS but "the IETF more widely". As an illustration of how crypto is in fact used in other IETF protocols, here are the three most common security levels chosen by top-level domains that use DNSSEC: ~80-bit security (1024-bit RSA): 286 TLDs. ~90-bit security (1280-bit RSA): 192 TLDs. ~110-bit security (2048-bit RSA): 22 TLDs. The fastest-growing category is ~90-bit security (1280-bit RSA). I don't see how this fits the "marketing department needs powers of 2" theory. I do see how it fits the "users are choosing weak crypto for performance reasons" theory. ---Dan
- [Cfrg] Actual security levels for IETF crypto D. J. Bernstein
- Re: [Cfrg] Actual security levels for IETF crypto Stephen Farrell
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Yoav Nir
- Re: [Cfrg] Actual security levels for IETF crypto Stephen Farrell
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Andrey Jivsov
- Re: [Cfrg] Actual security levels for IETF crypto Phillip Hallam-Baker
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Yoav Nir
- Re: [Cfrg] Actual security levels for IETF crypto Olafur Gudmundsson
- Re: [Cfrg] Actual security levels for IETF crypto Jakob Breier
- Re: [Cfrg] Actual security levels for IETF crypto Stephen Farrell
- Re: [Cfrg] Actual security levels for IETF crypto Phillip Hallam-Baker
- Re: [Cfrg] Actual security levels for IETF crypto Randy Bush
- Re: [Cfrg] Actual security levels for IETF crypto Phillip Hallam-Baker
- Re: [Cfrg] Actual security levels for IETF crypto Yoav Nir
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Phillip Hallam-Baker
- Re: [Cfrg] Actual security levels for IETF crypto Yoav Nir
- Re: [Cfrg] Actual security levels for IETF crypto Ilari Liusvaara
- Re: [Cfrg] Actual security levels for IETF crypto Mike Hamburg
- Re: [Cfrg] Actual security levels for IETF crypto Phillip Hallam-Baker
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Phillip Hallam-Baker
- Re: [Cfrg] Actual security levels for IETF crypto Randy Bush
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto D. J. Bernstein
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Alyssa Rowan
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto D. J. Bernstein
- Re: [Cfrg] Actual security levels for IETF crypto Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Bodo Moeller
- Re: [Cfrg] Actual security levels for IETF crypto Randy Bush
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Richard Barnes
- Re: [Cfrg] Actual security levels for IETF crypto Randy Bush
- Re: [Cfrg] Actual security levels for IETF crypto Alyssa Rowan
- Re: [Cfrg] Actual security levels for IETF crypto Randy Bush
- Re: [Cfrg] Actual security levels for IETF crypto Yoav Nir
- Re: [Cfrg] Actual security levels for IETF crypto Yoav Nir
- Re: [Cfrg] Actual security levels for IETF crypto Phillip Hallam-Baker
- Re: [Cfrg] Actual security levels for IETF crypto Richard Barnes
- Re: [Cfrg] Actual security levels for IETF crypto Stephen Farrell
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] Actual security levels for IETF crypto Paterson, Kenny