Re: [Cfrg] Submission of curve25519 to NIST from CFRG -> was RE: On "non-NIST"

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 11 March 2015 02:42 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79ABD1A0368 for <cfrg@ietfa.amsl.com>; Tue, 10 Mar 2015 19:42:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JKRtjrFZ1HQh for <cfrg@ietfa.amsl.com>; Tue, 10 Mar 2015 19:42:27 -0700 (PDT)
Received: from mail-lb0-x235.google.com (mail-lb0-x235.google.com [IPv6:2a00:1450:4010:c04::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 052541A035F for <cfrg@irtf.org>; Tue, 10 Mar 2015 19:42:27 -0700 (PDT)
Received: by lbiz12 with SMTP id z12so5938249lbi.5 for <cfrg@irtf.org>; Tue, 10 Mar 2015 19:42:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=QrRYZgRTfb1/6g3dxNoa4EwAQ+S/ga6HacHqLnCfpwA=; b=DbZfYkUU+nEttT6LO2Wc4VU07+pCT3OhdudIG5TfWBwOzVxxMExXSJat9K9BtKp0Xt LY1kCVVSbA1ULMYWqJh/H6MPV88g0n4u4Wdrln531+3YdLS+xPGU/r45T654/MYZ4p66 Xpos/LSGES4jDtSkNG0n6q50pFovd+x+zOSQB7XtY2oOvEE6aODUEz5jPcHDlBIbQcQi Lx7IQSHMgJvBvnBdTqaBBQSgVNFdfa2oNV6Ys0LIBdhYHBCgNEsbNpW4w4fAHdCoKsRz gwtKNOjt1599AkcfuBzfIQz0zKN/hujCyNVKqkJPN++jrZbQDkVgAAaCVMPy1+UjVtfZ llww==
MIME-Version: 1.0
X-Received: by 10.112.78.37 with SMTP id y5mr32104905lbw.91.1426041745548; Tue, 10 Mar 2015 19:42:25 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.45.203 with HTTP; Tue, 10 Mar 2015 19:42:25 -0700 (PDT)
In-Reply-To: <CACsn0cnraxUgHNZLcBomtRiyGv8TFrazUNNRBaPU1q=hpiqozQ@mail.gmail.com>
References: <9A043F3CF02CD34C8E74AC1594475C73AAF91123@uxcn10-5.UoA.auckland.ac.nz> <BE305B0B-80D2-48C6-ACE6-6F6544A04D69@vpnc.org> <7BAC95F5A7E67643AAFB2C31BEE662D020E29C4319@SC-VEXCH2.marvell.com> <CAHOTMVLJOhsPoUDoh176U5iM7cOhm_wvCWAY+L8V4m99O4u9TA@mail.gmail.com> <CACsn0ckg2e9wXTuiZD+CaOreKcK+GNrXAWQ1=SyGG9sa=dsJRg@mail.gmail.com> <7BAC95F5A7E67643AAFB2C31BEE662D020E29C4340@SC-VEXCH2.marvell.com> <CACsn0cnraxUgHNZLcBomtRiyGv8TFrazUNNRBaPU1q=hpiqozQ@mail.gmail.com>
Date: Tue, 10 Mar 2015 22:42:25 -0400
X-Google-Sender-Auth: N7y57OjBw9cyc4kk_LodvMh1QOE
Message-ID: <CAMm+Lwi-yyciD=4rZQUEe3FCUnPby2yzMJnEapLBH1yCp6uPcQ@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary="001a11c3bb70adada50510fa37fe"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/_1Nh2H1Fzoxliqd9G7MekaeK1yo>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "EllipticCurves@nist.gov" <EllipticCurves@nist.gov>
Subject: Re: [Cfrg] Submission of curve25519 to NIST from CFRG -> was RE: On "non-NIST"
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Mar 2015 02:42:28 -0000

On Tue, Mar 10, 2015 at 7:19 PM, Watson Ladd <watsonbladd@gmail.com> wrote:

>
> On Mar 10, 2015 3:34 PM, "Paul Lambert" <paul@marvell.com> wrote:
> >
> > > Standards fragmentation is a fact of life. But we should strive to
> minimize it.
> > >And we shouldn't make it worse by varying endianess or encoding for
> >
> > Could we please desist with the off-topic rants.  This was a request to
> the Chairs
> > to work more directly with NIST to propagate this task groups
> recommendations.
>
> This group only has a recommendation of a curve right now. But that's not
> enough: you need to specify what gets sent on the wire, and that's where
> NIST potentially picks differently. So it's not enough to say use these
> primes and these curves to NIST: that won't necessarily have the effect you
> intend, precisely because that doesn't specify the coordinates and
> encoding, even if they take our suggestion as opposed to others.
>
> That's the worst possible outcome, especially if the names are the same.
>
No, not really.

Converting from one private key format to another is routine. There is no
requirement for the key to be specified in the same endian order in the
cert and on the wire. It is not a topic that CFRG has a useful opinion on.