Re: [Cfrg] big-endian short-Weierstrass please
Dan Brown <dbrown@certicom.com> Thu, 29 January 2015 16:50 UTC
From: Dan Brown <dbrown@certicom.com>
To: "'dkg@fifthhorseman.net'" <dkg@fifthhorseman.net>, "'cfrg@irtf.org'" <cfrg@irtf.org>
Date: Thu, 29 Jan 2015 16:50:04 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/UqVHZ12JQRGRJRXBBaWrkHIhaKs>
> -----Original Message-----
> From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Daniel Kahn Gillmor
> Sent: Thursday, January 29, 2015 11:30 AM
> To: cfrg@irtf.org
> Subject: Re: [Cfrg] big-endian short-Weierstrass please
>
> On Wed 2015-01-28 18:38:49 -0500, Blumenthal, Uri - 0558 - MITLL wrote:
> > The problem is - reasonably-vetted by who? NIST? DJB? Yourself? All of
> > the above?
>
> If this lengthy process we're involved in doesn't turn out to be reasonable
> vetting by a multistakeholder group, i'll be sorely disappointed.
>
> > Attractiveness of the ability to select a custom curve is similar to
> > that of PGP Web of Trust: you can make a choice for yourself, rather
> > than being forced into what other experts (or “experts” :) decide for you.
>
> This is different from the PGP Web of Trust. If i'm communicating with a new
> peer using TLS, and they want to use MagicCurveX that i've never seen before,
> my TLS client is not going to be able to evaluate it properly, certainly not before
> the TLS handshake expires.
>
> Anyone can of course decide what curves are worth using, and can apply their
> own analysis with their peers to come to that decision. But if you're
> communicating with the arbitrary outside world, there needs to be some
> broader consensus about which curves to commonly use.

[DB] Isn't TLS 1.3 proposing a DH group negotiation mechanism, where peers could configure their supported set of (EC)DHE group, then at run-time find something in the intersection of their supported curves? Having an option to fully specify a custom curve in this mix is not requiring any peers to support MagicCurveX.

>
> The act of naming and identifying the curve doesn't mean it's good, of course;
> We have named codepoints for curves insufficient for modern cryptanalysis, like
> sect163k1. But you're right, people should be able to use curves internally that
> no one else has to weigh in on.
> fortunately, we can already do that (at least in TLS); we have a range of the
> codepoints set aside for private use (RFC 4492):
>
>    Values 0xFE00 through 0xFEFF are reserved for private use.

[DB] Wouldn't users of these private values have to then customize their software this? Well, I guess TLS would work for that. So, it seems that the advantage of specified curves, is that if a trustworthy WebSiteABC TLS server, elects to use MagicCurveX, then anonymous TLS clients could connect to WebSiteABC, relying on the current trust of the WebSiteABC, and their own software.
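
The negotiation discussed in this message, as an added example that is not part of the original e-mail or of any TLS library: it parses an RFC 4492 EllipticCurveList, picks the first locally preferred curve the peer also offered, and accepts a private-use codepoint (0xFE00 through 0xFEFF) only when both sides configured it out of band. The function names and the assignment of 0xFE01 to "MagicCurveX" are assumptions made for illustration.

```python
import struct

# Real RFC 4492 NamedCurve codepoints (small subset).
NAMED = {1: "sect163k1", 23: "secp256r1", 24: "secp384r1"}
PRIVATE_USE = range(0xFE00, 0xFF00)  # 0xFE00..0xFEFF, reserved for private use


def parse_curve_list(body: bytes) -> list[int]:
    """Parse an EllipticCurveList: uint16 byte length, then uint16 codepoints."""
    if len(body) < 2:
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", body, 0)
    if n == 0 or n % 2 or n != len(body) - 2:
        raise ValueError("bad list length")
    return list(struct.unpack_from(f"!{n // 2}H", body, 2))


def negotiate(offered, local_prefs, private_map):
    """Return (codepoint, label) for the first local preference the peer
    offered, or None when the intersection is empty.

    A private-use codepoint has no shared meaning, so it is usable only if
    private_map (hypothetical out-of-band configuration) defines it locally.
    """
    offered_set = set(offered)
    for cp in local_prefs:
        if cp not in offered_set:
            continue
        if cp in PRIVATE_USE:
            if cp in private_map:
                return cp, private_map[cp]
            continue  # offered, but this side has no curve parameters for it
        if cp in NAMED:
            return cp, NAMED[cp]
    return None


# Constructed sample: a peer offering a private curve plus two named curves.
SAMPLE_OFFER = struct.pack("!H3H", 6, 0xFE01, 24, 23)
```

A named codepoint is not an endorsement: a local preference list that omits sect163k1 (codepoint 1) yields no match against a peer offering only that curve.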