Re: [Cfrg] Requirements for curve candidate evaluation update
David Jacobson <dmjacobson@sbcglobal.net> Thu, 14 August 2014 01:42 UTC
Message-ID: <53EC13ED.4010905@sbcglobal.net>
Date: Wed, 13 Aug 2014 18:42:05 -0700
From: David Jacobson <dmjacobson@sbcglobal.net>
To: Phillip Hallam-Baker <phill@hallambaker.com>, "Salz, Rich" <rsalz@akamai.com>
References: <CA+Vbu7wuAcmtAKJYEgAaSBTf6sj8pRfYpJhz2qV_ER=33mrk8Q@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7185A0C8CEB@USMBX1.msg.corp.akamai.com> <CAMm+LwikFfC7AoPyYn8EQsKXiv9X1uvGrdmwRXxiqcCSvNZsqA@mail.gmail.com>
In-Reply-To: <CAMm+LwikFfC7AoPyYn8EQsKXiv9X1uvGrdmwRXxiqcCSvNZsqA@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/_Z2_7DQSlMkOwXlOSL5T6-yCvLI
Cc: "cfrg@ietf.org" <cfrg@ietf.org>
Subject: Re: [Cfrg] Requirements for curve candidate evaluation update
I certainly don't agree that we need to be hamstrung by compatibility with existing HSMs. Clearly, the existing HSMs will work with NIST P-256. Let's look at the risks of P-256 on an existing HSM. The only real concern is that the NSA might know a vulnerability. For many users, this is not the end of the world.

I would not be surprised if many of the organizations with HSMs are financial institutions or government agencies. These organizations are likely also constrained to FIPS 140-2 validated devices. This means they can't escape FIPS-approved curves, i.e. NIST P-256, etc. And that means that even if we restricted ourselves to short Weierstrass curves, these HSM users still wouldn't be able to use their HSMs.

Finally, there is the assumption that the manufacturer of the HSM can't or won't upgrade the firmware. That could be a business decision by the HSM manufacturer, but I doubt it is a technical one. In a past life I worked for a company that built HSMs, and those could have their firmware updated. Admittedly there is some possibility that the upgraded HSM will be slower, depending on how much of any special silicon can be harnessed for the new curve.

--David Jacobson

On 8/13/14 4:48 PM, Phillip Hallam-Baker wrote:
> I really could care less about wire formats. They are completely
> mutable at this point.
>
> The only place where I have real legacy problems is in HSM support.
> Long term signature keys have to be generated and stored in HSMs. And
> no, that is not a 'nice to have feature', it is a 'be prepared to be
> laughed at and told that you completely wasted your time' if it isn't
> met type of feature.
>
> I don't need to be able to use my existing HSMs but if the curves
> chosen are not supported by any existing hardware and it takes 3 years
> for it to become available then it's going to delay everything (apart
> from EDH).
>
> On Tue, Aug 12, 2014 at 6:05 PM, Salz, Rich <rsalz@akamai.com> wrote:
>> I have asked before, perhaps you missed it.
>>
>> I take exception to your claims that “single curve model” and “no change to
>> wire formats” are facts on the ground. Can you justify that?
>>
>> --
>> Principal Security Engineer
>> Akamai Technologies, Cambridge MA
>> IM: rsalz@jabber.me Twitter: RichSalz
>>
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> http://www.irtf.org/mailman/listinfo/cfrg