Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)
Phillip Hallam-Baker <phill@hallambaker.com> Tue, 10 February 2015 15:14 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12DD01A0395 for <cfrg@ietfa.amsl.com>; Tue, 10 Feb 2015 07:14:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J1VrL0N_vquW for <cfrg@ietfa.amsl.com>; Tue, 10 Feb 2015 07:14:31 -0800 (PST)
Received: from mail-la0-f53.google.com (mail-la0-f53.google.com [209.85.215.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B0311A0058 for <cfrg@irtf.org>; Tue, 10 Feb 2015 07:14:31 -0800 (PST)
Received: by labgd6 with SMTP id gd6so11794035lab.7 for <cfrg@irtf.org>; Tue, 10 Feb 2015 07:14:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=6E5LRuGGZZLmN5BUZNpdFVL/cizym14E6cZzLzztcdE=; b=fEBfEVMlzK9bKVfqfj/bbYIc62/eVEpw2W6bApBe3yguuj/matbWswGEzw0RUkqlaU DPw4QAsakWYnW97wDOYz8qIWMEY6nGh9FvJnOQ94gYzXy2mPlv16OXkRBlap20stO6Yw BvuNSyrG/cpGhcjonYGPqQs6jBO0QuuMV72nrhHPPtG72qyp5hVH9fnuXr9nmHqav4UN +IdWw0+5PmF+ZD2Eu35ypiuHIHxKrskZHzgAt4nMu6rutkrt9W0ZqmQvkyZlrwokqMJX lG3pIABDBUVBtRJiofJJ9vm1A0ok62wHzb/V5lndJOCJLS1LB5F7AvpUVvtcLorZM0d8 Z9dQ==
MIME-Version: 1.0
X-Received: by 10.112.78.39 with SMTP id y7mr23774150lbw.58.1423581269601; Tue, 10 Feb 2015 07:14:29 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.112.147.193 with HTTP; Tue, 10 Feb 2015 07:14:29 -0800 (PST)
In-Reply-To: <54D9E2E3.4080402@isode.com>
References: <54D9E2E3.4080402@isode.com>
Date: Tue, 10 Feb 2015 10:14:29 -0500
X-Google-Sender-Auth: VC4AxCA6V3-zp967QQxqkbeFuEw
Message-ID: <CAMm+LwjVm_UyP2euBUR4or9kKgEDtroqJc7S59rEED2YX7Dozw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Content-Type: multipart/alternative; boundary="001a11c3da2ee2327a050ebd5756"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/aIEwHGLhlHc73Fwj_o7gQ6O7n9s>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Feb 2015 15:14:39 -0000
On Tue, Feb 10, 2015 at 5:52 AM, Alexey Melnikov <alexey.melnikov@isode.com> wrote: > CFRG chairs are starting a poll, containing 2 initial questions: > > Q1: Should CFRG recommend a curve at the 192-bit security level? > > Q2: Should CFRG recommend a curve at the 256-bit security level? > Q1: No Q2: Yes The reason I don't see a need for 192 bit is that I have never seen significant use of 192 bit AES. The more complexity we put into the systems, the more opportunity there is for attack. This is not a choice like RSA or DH where the exact same code can be used for different bit levels. The two places we will be using the code is for ephemeral key agreement and for initial agreement of a master key. Assuming that we fix the TLS key derivation alg so that a 128 bit ephemeral does not weaken a 256 bit negotiation, I predict ephemeral will be exclusively Curve 25519 and PKI will be exclusively Curve~512. Phill
- [Cfrg] Elliptic Curves - poll on security levels … Alexey Melnikov
- Re: [Cfrg] Elliptic Curves - poll on security lev… Torsten Schütze
- Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
- Re: [Cfrg] Elliptic Curves - poll on security lev… Nguyen Dr., Kim
- Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
- Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
- Re: [Cfrg] Elliptic Curves - poll on security lev… Aaron Zauner
- Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on security lev… Christoph Anton Mitterer
- Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
- Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on security lev… Paul Hoffman
- Re: [Cfrg] Elliptic Curves - poll on security lev… Adam Langley
- Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
- Re: [Cfrg] Elliptic Curves - poll on security lev… Stephen Farrell
- Re: [Cfrg] Elliptic Curves - poll on security lev… Salz, Rich
- Re: [Cfrg] Elliptic Curves - poll on security lev… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
- Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Hamburg
- Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
- Re: [Cfrg] Elliptic Curves - poll on security lev… Kurt Roeckx
- Re: [Cfrg] Elliptic Curves - poll on security lev… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Hamburg
- Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on security lev… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - poll on security lev… Станислав Смышляев
- Re: [Cfrg] Elliptic Curves - poll on security lev… Andy Lutomirski
- Re: [Cfrg] Elliptic Curves - poll on security lev… James Cloos
- Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
- Re: [Cfrg] Elliptic Curves - poll on security lev… Damien Miller
- Re: [Cfrg] Elliptic Curves - poll on security lev… James Cloos
- Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Jones
- Re: [Cfrg] Elliptic Curves - poll on security lev… Benjamin Beurdouche
- Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
- Re: [Cfrg] Elliptic Curves - poll on security lev… David Leon Gil
- Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Harkins
- Re: [Cfrg] Elliptic Curves - poll on security lev… Olafur Gudmundsson
- Re: [Cfrg] Elliptic Curves - poll on security lev… Bindhunadhava
- Re: [Cfrg] Elliptic Curves - poll on security lev… Aaron Zauner
- Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
- Re: [Cfrg] Elliptic Curves - poll on security lev… Manger, James
- Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
- Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
- Re: [Cfrg] Elliptic Curves - poll on security lev… Brian Smith
- Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
- Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
- Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
- Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
- Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
- Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on security lev… Eric Rescorla
- Re: [Cfrg] Elliptic Curves - poll on security lev… Annie Yousar
- Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
- Re: [Cfrg] Elliptic Curves - poll on security lev… Andrey Jivsov
- [Cfrg] Why I think 256-level is a bad idea [Was: … Ilari Liusvaara
- Re: [Cfrg] Why I think 256-level is a bad idea [W… Adam Langley
- Re: [Cfrg] Elliptic Curves - poll on security lev… Michael Scott
- Re: [Cfrg] Elliptic Curves - poll on security lev… Simon Josefsson
- Re: [Cfrg] Elliptic Curves - poll on security lev… _MiW
- Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
- Re: [Cfrg] Elliptic Curves - poll on security lev… Olafur Gudmundsson
- Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
- Re: [Cfrg] Elliptic Curves - poll on security lev… Brian Smith
- Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - poll on security lev… Joseph Salowey
- Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
- Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
- Re: [Cfrg] Elliptic Curves - poll on security lev… Kurt Roeckx
- Re: [Cfrg] Elliptic Curves - poll on security lev… Nex6|Bill