Re: [Cfrg] When's the decision?

"D. J. Bernstein" <djb@cr.yp.to> Wed, 08 October 2014 17:32 UTC

Return-Path: <djb-dsn2-1406711340.7506@cr.yp.to>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9431A1ACD38 for <cfrg@ietfa.amsl.com>; Wed, 8 Oct 2014 10:32:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.7
X-Spam-Level:
X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_LOW=-0.7, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GS3U-GCHOkKg for <cfrg@ietfa.amsl.com>; Wed, 8 Oct 2014 10:32:25 -0700 (PDT)
Received: from mace.cs.uic.edu (mace.cs.uic.edu [131.193.32.224]) by ietfa.amsl.com (Postfix) with SMTP id 2FA2F1ACD26 for <cfrg@irtf.org>; Wed, 8 Oct 2014 10:32:24 -0700 (PDT)
Received: (qmail 19366 invoked by uid 1011); 8 Oct 2014 17:32:21 -0000
Received: from unknown (unknown) by unknown with QMTP; 8 Oct 2014 17:32:21 -0000
Received: (qmail 15170 invoked by uid 1001); 8 Oct 2014 17:31:54 -0000
Date: 8 Oct 2014 17:31:54 -0000
Message-ID: <20141008173154.15169.qmail@cr.yp.to>
From: "D. J. Bernstein" <djb@cr.yp.to>
To: cfrg@irtf.org
Mail-Followup-To: cfrg@irtf.org
In-Reply-To: <CACsn0cnHDc6_jWf1mXc5kQgj5XEc6dBBZa7K8D2=4uLti5e3aA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/_2KVunviyJP4TYLdtMp2W2KPSbk
Subject: Re: [Cfrg] When's the decision?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Oct 2014 17:32:26 -0000

According to an announcement at ECC today, the Brainpool team is
completing a paper regarding curve requirements. Obviously Brainpool has
been a bit slow to join this discussion, and is already grandfathered
into TLS etc., but it sounds like they're serious about providing input
that might be useful in selecting new curves. It's also not clear to me
whether other teams (such as Barreto et al.) will have curve submissions
once the CFRG requirements are finalized.

Even if there are no other submissions and no changes to the draft
requirements, remember that there's a requirement for wiggle room to be
"quantified". For curves that take the as-fast-as-possible approach,
such as Curve25519, this is mostly answered by Mike Hamburg's "Rigidity
and performance" analysis of wiggle room in as-fast-as-possible primes,
but the chairs might want more information. For the Microsoft curves, I
presume that Microsoft is working on coming into compliance with this
requirement, and we're also doing our own analysis.

---Dan