Re: [Cfrg] big-endian short-Weierstrass please
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 29 January 2015 23:33 UTC

On Thu, Jan 29, 2015 at 4:28 PM, Blumenthal, Uri - 0558 - MITLL <uri@ll.mit.edu> wrote:

>> That seems irrelevant. Some people will never be convinced of some things
>> that most other people agree to.
>>
>
> What is being argued against here is making room for DIY curves.
>
> My point is that the only way to come up with an informed decision to use
> someone else's curves is to apply a vast amount of domain specific
> expertise plus really trust the supplier to not have something up their
> sleeves.
>
>
> Unless that “somebody else” is your boss, or somebody you have informed
> reasons to trust.
>
> Some people (and organizations *:*) tend to trust “their” experts, and
> not trust “other” experts as much. As an example – why didn’t NSA adopt
> Russian GOST, and why didn’t Russians adopt AES? Probably not because they
> question the competence of the other side? :-)
>

And such people are more than welcome to make use of the existing extension features in TLS 1.x. If you think you have the ability to do this for yourselves then do it.

However I should point out that for TLS 2 I think a very different approach should be taken.

* Exactly one preferred (MUST) and one backup algorithm (SHOULD) defined in the protocol with an algorithm numbering scheme that allows only 255 values for each. The objective being to keep algorithm changes to once a decade. This would require us to rev the TLS major version at least once every other millennium.

* All other crypto to be identified by ASN.1 OID on an 'it's your funeral' basis.

The rationale for this is that the IETF currently has three types of algorithm.

1) Those that we have vetted and trust.
2) Those that we have assigned numbers to
3) Those that we have not

The problem in my view is that people seem to think that algorithms of type 2 are somehow different than type 3 and this is really not the case.

We do not have the bandwidth to validate vanity crypto and algorithms like GOST are mandated by governments who murder their citizens on the streets of London with polonium-laced teapots. So I really don't feel like giving any accreditation to such folk.

So let's just have two types of crypto algorithm: Those we are really confident of and those we make no comment on.

> There should be a set of “universally” accepted curves, so that when you
> want to talk to a complete stranger – both of you would use what the
> “community” considers cryptographically OK (which belongs to that small
> commonly shared set). But that’s only half of use cases.
>

No, actually that is 100% of the uses for the Internet. All other cases are 'network' security and that is not our problem.

One of the problems with IP everywhere is that we have ended up in a situation where it is assumed that we have a duty to solve every type of networking problem. I think providing security advice to people who don't want to follow our security advice is the first thing to stop trying to do.