Re: [Cfrg] On process (was Re: Elliptic Curves - poll on specific curve around 256bit work factor (ends on February 23rd))
Alexey Melnikov <alexey.melnikov@isode.com> Tue, 24 February 2015 21:06 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0A9A1A890B for <cfrg@ietfa.amsl.com>; Tue, 24 Feb 2015 13:06:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.11
X-Spam-Level:
X-Spam-Status: No, score=-0.11 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZS9S7iNF9s86 for <cfrg@ietfa.amsl.com>; Tue, 24 Feb 2015 13:06:17 -0800 (PST)
Received: from waldorf.isode.com (ext-bt.isode.com [217.34.220.158]) by ietfa.amsl.com (Postfix) with ESMTP id A2E0C1A8908 for <cfrg@irtf.org>; Tue, 24 Feb 2015 13:06:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1424811975; d=isode.com; s=selector; i=@isode.com; bh=tEnJAnST34H4l0Y2agOwdqKWPK2+XRmA1DI7dSXBgpw=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=LfsMDrHaQWRVVzoOBhcgMNPL1ifu3q5iqsfNm18G7/Ux6SnnsFw0pd6rikMoe3tdpapB0C u8dffIMVfOBlvLer5RHFW15wa70QTGG7cD67cqkX+xdwXdf1e7R1grpxVDAcbAbKfEpbCO +cLPtwHW41NCa0u9AVRVYoxdQZsk5y8=;
Received: from [192.168.0.9] (cpc5-nmal20-2-0-cust24.19-2.cable.virginm.net [92.234.84.25]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <VOznxgBB7bbu@waldorf.isode.com>; Tue, 24 Feb 2015 21:06:15 +0000
X-SMTP-Protocol-Errors: PIPELINING
From: Alexey Melnikov <alexey.melnikov@isode.com>
X-Mailer: iPad Mail (12B435)
In-Reply-To: <CACsn0cmZqoPd6CPV7RZE-ozBn1oDgK51212Sv5YXczqNHsA3eg@mail.gmail.com>
X-Identity-Key: id1
Date: Tue, 24 Feb 2015 21:12:51 +0000
X-Account-Key: account1
X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; DSN=0; uuencode=0
Message-Id: <1D4098FF-2097-46B7-AE1F-32D38B8B0B46@isode.com>
X-Mozilla-Keys:
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
References: <CACsn0cmZqoPd6CPV7RZE-ozBn1oDgK51212Sv5YXczqNHsA3eg@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="Apple-Mail-05718D6D-4B74-4DDC-95E0-0A57F055636A"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/WvAnRTYGAlO6RLF24lrh18oed_A>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] On process (was Re: Elliptic Curves - poll on specific curve around 256bit work factor (ends on February 23rd))
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Feb 2015 21:06:19 -0000
> On 23/02/2015 06:46, Watson Ladd wrote: > On Sat, Feb 21, 2015 at 5:40 AM, Paterson, Kenny > <Kenny.Paterson@rhul.ac.uk> wrote: >> Hi Alyssa, >> >> On 20/02/2015 20:15, "Alyssa Rowan" <akr@akr.io> wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA512 >>> >>>> [TA] Have you considered doing a poll of what specific curves >>>> people actually want to use? >>>> [PHB] [Š] your poll [Š] rather undercuts the whole process. >>> Strongly agreed. >>> >>>> [KP] Yes, we considered a number of different ways of narrowing >>>> down our choices. However, we settled on doing it this way. Please >>>> stick with us. >>> With the greatest respect, if upstream and external parties were >>> willing to tolerate undocumented decisions by editor/chair fiat, >>> they'd stick with the NIST curves, wouldn't they? >> I think you have to give the chairs some room to make decisions in order >> to help move things forward. We've been rightly criticised for not doing >> that in recent months, and now we are trying to do better. So cut us some >> slack, please. >> >> Yes, we could have first run a "meta poll" to ask the group what kinds of >> questions they wanted to be asked, or what the topics of the questions >> should be, but I think that would only have led to dismayed comments from >> other participants saying we were not providing enough direction or >> leadership (but Alexey and I are by now well aware that chairs cannot >> please all of the people any of the time, and some of the time we do not >> please anyone; for us, it goes with the territory). > Chairs could avoid making promises about the process they don't end up > keeping. I would say that's the single biggest reason chairs got > criticised. I think the only promise that we made (timeline promises notwithstanding) is that we do a series of polls to narrow down choices of curves and other issues that are needed to finish EC recommendations (signature scheme, coordinate system, Endianness of what goes on the wire, etc.) > >>> We were asked because publicly-documented technical consensus, not >>> guided by any one party, is very highly desirable. >> But then what to do if there is no consensus? This appeared to be the case >> on the specific question of whether we should stick to "traditional powers >> of 2" security levels or not. > But we're already using voting to decide other issues on which there > was no consensus: why is the Goldilocks issue so special? > > You could have had long discussions about which point formats to use, > and decided to use one. You could have done the same for signatures. And have you read my message asking to stay on topic and which topics are coming next? If you did, you would have known that these questions are coming. > But the only aspect that's being formally decided upon by the chairs > is security levels: why? And not even security levels, just a decision > to exclude three candidate curves. > > I could understand making the entire decision. I could understand > voting in various forms. But I don't understand why this particular > decision is being made by chairs, and not others. Chairs pick questions in order to help CFRG move forward on the EC topic. We are not perfect and for that I apologise. Suggestions for better questions are welcome, but please do it without starting a flame war (hint: either ask privately or ask nicely on the mailing list).
- [Cfrg] On process (was Re: Elliptic Curves - poll… Watson Ladd
- Re: [Cfrg] On process (was Re: Elliptic Curves - … Alexey Melnikov
- Re: [Cfrg] On process (was Re: Elliptic Curves - … Watson Ladd
- Re: [Cfrg] On process (was Re: Elliptic Curves - … Alexey Melnikov