Re: [Cfrg] When's the decision?

Yoav Nir <ynir.ietf@gmail.com> Fri, 17 October 2014 09:31 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/YH0woFS0tQhy9XDClrILzM1Opcs

On Oct 17, 2014, at 11:42 AM, Parkinson, Sean <sean.parkinson@rsa.com> wrote:

> While I still think that X25519 has speed and implementation simplicity advantages over numsp256t1, the fact that it can only be used for key exchange makes it difficult to recommend - you need another curve implementation anyway.
> X25519 is already in use and, even if the CFRG don't recommend it, I believe it will be used - any speed advantage, despite code complexity cost, will be taken by implementers.

I disagree. X25519 is in use in some specialized places, sure. But a recommendation from CFRG will lead to a standards-track document (or two) from TLS and another one from IPsecME. That leads to implementations in the major TLS libraries (OpenSSL, NSS, SCHANNEL) which then means it’s implemented in Chrome, Firefox, Internet Explorer and on the server side, most deployments of Apache and nginx. 

That’s a whole different scale of “used” compared with what we have now.

Yoav