Re: [Cfrg] draft-ladd-safecurves-02

Dan Brown <dbrown@certicom.com> Sat, 11 January 2014 00:37 UTC

From: Dan Brown <dbrown@certicom.com>
To: Watson Ladd <watsonbladd@gmail.com>, Alyssa Rowan <akr@akr.io>
Date: Sat, 11 Jan 2014 00:37:04 +0000
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] draft-ladd-safecurves-02

I didn't agree with all the arguments on the Safecurves URL, at least when I last read it a few months ago. Nor did I agree with all DJB said on the TLS WG list.

I'm going to try to write up to CFRG my disagreements soon.

Maybe I'm old school, but I'd expect references to be stable and dated. Even if CFRG consensus (e.g. all minus me) fully agrees with the site today, the site could change, in a way not expected.

The CFRG consensus may also be to move ahead with these curves, without agreeing fully with the site.

So it might help for the spec to state the CFRG's rationale for accepting these curves.

More practically, the ideal would be to advise users of the advantages and disadvantages of these curves, over others.




From: Watson Ladd
Sent: Friday, January 10, 2014 6:31 PM
To: Alyssa Rowan
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] draft-ladd-safecurves-02


On Fri, Jan 10, 2014 at 11:48 AM, Alyssa Rowan <akr@akr.io> wrote:
>
> On 10/01/2014 19:11, Watson Ladd wrote:
>
>> Added: explicit formulas and a point format (big endian with a bit
>> for the missing coordinate).
>
> Fair enough. (Cofactors were also added, by the way.)
>
>> The name is now the Chicago curves.
>
> As good as any other.
>
> Comments:
> • Typo in end of section one: Weierstrass, not Weierstrauss.

Fixed

> • I think it'd be a little more helpful if section 2 were split into
> two sections: the Montgomery curves, and the Edwards curves. That'd
> make it much more apparent which curves are applicable to which
> sections in 3 and 4.

I'll think about a clean way to do this. Of course, you can use
isogenies to convert between all of these forms.

> • Pretty please can we have Curve1174 as well?

Included.

Any more suggestions? This next one it would be nice to get Last Call on.
>
> Other than that, no more comments.
>
> E-521's passed all tests, by the way, as expected (and it seems was
> obviously rigid enough that three groups actually came up with the
> exact same curve!).
>
> I see no particular reason to hold this up.
>
> - --
> /akr
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg



--
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin