[Cfrg] Influences [was RE: [TLS] draft-sheffer-tls-bcp: DH recommendations]

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 25 September 2013 09:57 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 9FE7221F9FD7 for <cfrg@ietfa.amsl.com>; Wed, 25 Sep 2013 02:57:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.581
X-Spam-Status: No, score=-2.581 tagged_above=-999 required=5 tests=[AWL=0.018, BAYES_00=-2.599]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id nH4x9N7FmFKi for <cfrg@ietfa.amsl.com>; Wed, 25 Sep 2013 02:57:07 -0700 (PDT)
Received: from mx2.auckland.ac.nz (mx2.auckland.ac.nz []) by ietfa.amsl.com (Postfix) with ESMTP id 0676221F9F6C for <cfrg@irtf.org>; Wed, 25 Sep 2013 02:56:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=uoa; t=1380103017; x=1411639017; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=iSBOL4OT1EjRvFKLNHrNjKcghdePk3xRCZiEeH0AVv0=; b=ER+1zSRuQaDbqd/i6ibFoT7AwxFzKaKbJu6LIdNdiTfsl7fN1Tz8ZfeB j0Cxx0fF8dXEyrcPv8gKXNQFv40lqZtHknBpNTdNio2p+noU2NY1vC3S/ PDn8oAXJ+szl4ubrLcPmo933JoEz20LDKUF2KtIsWluojPAePVeoyYcba I=;
X-IronPort-AV: E=Sophos;i="4.90,977,1371038400"; d="scan'208";a="214106229"
X-Ironport-Source: - Outgoing - Outgoing
Received: from uxchange10-fe4.uoa.auckland.ac.nz ([]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 25 Sep 2013 21:56:44 +1200
Received: from UXCN10-6.UoA.auckland.ac.nz ([]) by uxchange10-fe4.UoA.auckland.ac.nz ([]) with mapi id 14.02.0318.004; Wed, 25 Sep 2013 21:56:43 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "'cfrg@irtf.org'" <cfrg@irtf.org>
Thread-Topic: [Cfrg] Influences [was RE: [TLS] draft-sheffer-tls-bcp: DH recommendations]
Thread-Index: Ac651YmJsnGQmMiCSL+cTWCHwfLo2A==
Date: Wed, 25 Sep 2013 09:56:42 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C735567D2BF@uxcn10-6.UoA.auckland.ac.nz>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [Cfrg] Influences [was RE: [TLS] draft-sheffer-tls-bcp: DH recommendations]
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2013 09:57:12 -0000

Dan Brown <dbrown@certicom.com> writes:

>1. You seem to be saying there that P256 has security problems

Not at all.  I was pointing out (possibly not too clearly :-) that once you
get past the purely technical issues you're now introducing political ones.
Given the paranoia about NSA-tainted crypto (I've even seen people questioning
AES, which was probably as non-tained as you can get), expecting people to
switch from DH to what people will perceive as "NSA-influenced values that the
NSA has been awfully keen to get everyone to use" will run into problems at
the political level.
is one example of where this could end up.

(According to that thread, the values weren't just NSA-influenced, they came
directly from the NSA:

  The Bernstein/Lange presentation says the NIST elliptic curves were created
  by "Jerry Solinas at NSA".

Given the ongoing Snowden revelations, what do you think the chances are of
(say) the French, or German, or Belgian, or ..., government adopting
parameters from "Jerry Solinas at NSA"?).