Re: [Cfrg] When's the decision?

"Parkinson, Sean" <sean.parkinson@rsa.com> Wed, 08 October 2014 22:51 UTC

Return-Path: <sean.parkinson@rsa.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E3F51A014B for <cfrg@ietfa.amsl.com>; Wed, 8 Oct 2014 15:51:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.901
X-Spam-Level:
X-Spam-Status: No, score=-2.901 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZKcNxMjOGm9O for <cfrg@ietfa.amsl.com>; Wed, 8 Oct 2014 15:51:46 -0700 (PDT)
Received: from mailuogwdur.emc.com (mailuogwdur.emc.com [128.221.224.79]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D7511A6F07 for <cfrg@irtf.org>; Wed, 8 Oct 2014 15:51:46 -0700 (PDT)
Received: from maildlpprd55.lss.emc.com (maildlpprd55.lss.emc.com [10.106.48.159]) by mailuogwprd52.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s98MpiKC026528 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <cfrg@irtf.org>; Wed, 8 Oct 2014 18:51:45 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd52.lss.emc.com s98MpiKC026528
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=rsa.com; s=jan2013; t=1412808705; bh=7d3vvZQ98zSh3gZBvhB8wdaLMrY=; h=From:To:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=ssbon7EIcZolwzE8HbAEBjQLiHT2et8GYbnnQysuaSRE8NEA/A9vfkGrn2UHwiFyI qlMwz79Tinn8P2eTth5NQC9I96ZkeC5Dnw1ELtJ0v7uGp95gYaCVU56nId8SKkEuQr 2NpjNhFlLluLLABFjSy/Y9YvY39CwLzekABQ84EY=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd52.lss.emc.com s98MpiKC026528
Received: from mailusrhubprd01.lss.emc.com (mailusrhubprd01.lss.emc.com [10.253.24.19]) by maildlpprd55.lss.emc.com (RSA Interceptor) for <cfrg@irtf.org>; Wed, 8 Oct 2014 18:51:18 -0400
Received: from mxhub23.corp.emc.com (mxhub23.corp.emc.com [128.222.70.135]) by mailusrhubprd01.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s98MpaeX028128 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <cfrg@irtf.org>; Wed, 8 Oct 2014 18:51:36 -0400
Received: from mx17a.corp.emc.com ([169.254.1.209]) by mxhub23.corp.emc.com ([128.222.70.135]) with mapi; Wed, 8 Oct 2014 18:51:36 -0400
From: "Parkinson, Sean" <sean.parkinson@rsa.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Wed, 8 Oct 2014 18:51:34 -0400
Thread-Topic: [Cfrg] When's the decision?
Thread-Index: Ac/jHdkNXXV86vegQryVW7j10pACTgAKmhcA
Message-ID: <2FBC676C3BBFBB4AA82945763B361DE608F1D021@MX17A.corp.emc.com>
References: <CACsn0cnHDc6_jWf1mXc5kQgj5XEc6dBBZa7K8D2=4uLti5e3aA@mail.gmail.com> <20141008173154.15169.qmail@cr.yp.to>
In-Reply-To: <20141008173154.15169.qmail@cr.yp.to>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd01.lss.emc.com
X-RSA-Classifications: public
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/SGlE2GAJRC7HwYTwOXntk6oB7qg
Subject: Re: [Cfrg] When's the decision?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Oct 2014 22:51:48 -0000

I have concerns about a decision being made about which curves to recommend 'before Halloween'.
I am unaware of 3rd parties implementing and confirming all the curves that have been proposed.
Making a decision on new elliptic curves based on data that hasn't been corroborated by a 3rd party is bad practice.

I have been implementing as many of the curves as I can and my performance results, so far, do not always match those that I have seen in papers.

Also, I am concerned that, while some curves are being implemented to be constant time, not all curves are being implemented to be cache attack resistant. Either all implementations need to be resistant or all implementations not. Only then can a true comparison be made.

Until these issues are dealt with I feel there is not sufficient information to make a decision.

Sean
--
Sean Parkinson | Consultant Software Engineer | RSA, The Security Division of EMC
Office +61 7 3032 5232 | Fax +61 7 3032 5299
www.rsa.com