Re: [Cfrg] Hardware requirements for elliptic curves
Watson Ladd <watsonbladd@gmail.com> Fri, 12 September 2014 01:56 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09CB51A0353 for <cfrg@ietfa.amsl.com>; Thu, 11 Sep 2014 18:56:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qd8h_XyauFjF for <cfrg@ietfa.amsl.com>; Thu, 11 Sep 2014 18:56:55 -0700 (PDT)
Received: from mail-yh0-x22d.google.com (mail-yh0-x22d.google.com [IPv6:2607:f8b0:4002:c01::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6A1A1A0352 for <cfrg@irtf.org>; Thu, 11 Sep 2014 18:56:55 -0700 (PDT)
Received: by mail-yh0-f45.google.com with SMTP id c41so37240yho.18 for <cfrg@irtf.org>; Thu, 11 Sep 2014 18:56:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=r5ygrPGlphsOHA3PnsBmZ3bzZlsW8DWauvkQj/K8T2g=; b=wi0Ie+mZ8PwNyDOs2IbPQx5GwrgetWRuDq0kUSLa1tlrPUWeOemw/AxAPTVkL1L1Mb wMB1bJMdpmI++43TRAIEfj9wqCMiq2MHWAthWNGiNmBQGJRiYzfiWQwXIYzzlc0Mo8DD MWXH2+NnROjEg2ZFeQhsLYMsX8YS4rU1xtcC9gwlBw9TtFAIdfNzDeL2CzEL7DEhq6Xg o7WPmgOBJo3hv7cCGm+ExWMoSMynr46ShEJK3/iJe3RPHDfoYBC+5AWQkiSQvREUS3Ul DC2ZtwRfZM7rkhkyYfod4ar9DMPI/T6hxG/1WOaialBl+3QD8hWd2GjmWUWm9kTG/5x8 93qg==
MIME-Version: 1.0
X-Received: by 10.236.117.37 with SMTP id i25mr6131542yhh.85.1410487014838; Thu, 11 Sep 2014 18:56:54 -0700 (PDT)
Received: by 10.170.207.216 with HTTP; Thu, 11 Sep 2014 18:56:54 -0700 (PDT)
In-Reply-To: <5411E4BB.3010000@gmx.net>
References: <CALCETrWWoQJn58nJucvC1YM_3gi_hZvzY5c-QbA19huMOabyYQ@mail.gmail.com> <5411E4BB.3010000@gmx.net>
Date: Thu, 11 Sep 2014 18:56:54 -0700
Message-ID: <CACsn0ckpGFdPfge8j2-iBoYb=shFWUxTehA7JziyJw2vWBBNww@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Torsten Schuetze <torsten.schuetze@gmx.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/auHEoAAm7zPw-X11B_VmsiLwgmw
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Hardware requirements for elliptic curves
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Sep 2014 01:56:57 -0000
So I don't understand why you are asking for something that the brainpool curves don't already give you. We are not removing curves from TLS, and we already knew that FIPS users were likely to not adopt the new curves, so nonsupport isn't an issue. Even if we had only the NIST curves, and did nothing, you would be in the same position. There is an enormous performance benefit in software for special primes, and the sort of side channel attacks that require special blinding don't matter on servers, even if the curve is implemented on hardware. I think it's clear that the desired properties are different enough that there is no way to satisfy everyone. Sincerely, Watson Ladd
- [Cfrg] Hardware requirements for elliptic curves Joppe Bos
- Re: [Cfrg] Hardware requirements for elliptic cur… Alyssa Rowan
- Re: [Cfrg] Hardware requirements for elliptic cur… Michael Hamburg
- Re: [Cfrg] Hardware requirements for elliptic cur… Johannes Merkle
- Re: [Cfrg] Hardware requirements for elliptic cur… Michael Hamburg
- Re: [Cfrg] Hardware requirements for elliptic cur… Alyssa Rowan
- Re: [Cfrg] Hardware requirements for elliptic cur… Andy Lutomirski
- Re: [Cfrg] Hardware requirements for elliptic cur… Robert Ransom
- Re: [Cfrg] Hardware requirements for elliptic cur… Lochter, Manfred
- Re: [Cfrg] Hardware requirements for elliptic cur… Johannes Merkle
- Re: [Cfrg] Hardware requirements for elliptic cur… Wieland.Fischer
- Re: [Cfrg] Hardware requirements for elliptic cur… Alyssa Rowan
- Re: [Cfrg] Hardware requirements for elliptic cur… Watson Ladd
- Re: [Cfrg] Hardware requirements for elliptic cur… Patrick Georgi
- Re: [Cfrg] Hardware requirements for elliptic cur… Paul Lambert
- Re: [Cfrg] Hardware requirements for elliptic cur… Torsten Schuetze
- Re: [Cfrg] Hardware requirements for elliptic cur… Torsten Schuetze
- Re: [Cfrg] Hardware requirements for elliptic cur… Andy Lutomirski
- Re: [Cfrg] Hardware requirements for elliptic cur… Mike Hamburg
- Re: [Cfrg] Hardware requirements for elliptic cur… Torsten Schuetze
- Re: [Cfrg] Hardware requirements for elliptic cur… Watson Ladd
- Re: [Cfrg] Hardware requirements for elliptic cur… Mike Hamburg
- Re: [Cfrg] Hardware requirements for elliptic cur… Alyssa Rowan
- Re: [Cfrg] Hardware requirements for elliptic cur… Lochter, Manfred
- Re: [Cfrg] Hardware requirements for elliptic cur… Alyssa Rowan
- Re: [Cfrg] Hardware requirements for elliptic cur… Dirk Feldhusen
- Re: [Cfrg] Hardware requirements for elliptic cur… Lochter, Manfred
- Re: [Cfrg] Hardware requirements for elliptic cur… Ilari Liusvaara
- Re: [Cfrg] Hardware requirements for elliptic cur… Watson Ladd
- Re: [Cfrg] Hardware requirements for elliptic cur… Peter Gutmann
- [Cfrg] Trusting government certifications of cryp… D. J. Bernstein
- Re: [Cfrg] Trusting government certifications of … David Jacobson
- Re: [Cfrg] Trusting government certifications of … Torsten Schütze
- Re: [Cfrg] Trusting government certifications of … Watson Ladd
- Re: [Cfrg] Trusting government certifications of … Dirk Feldhusen
- Re: [Cfrg] Trusting government certifications of … Michael Hamburg
- Re: [Cfrg] Trusting government certifications of … Dirk Feldhusen
- Re: [Cfrg] Trusting government certifications of … Lochter, Manfred
- Re: [Cfrg] Trusting government certifications of … Mike Hamburg
- Re: [Cfrg] Primes vs. hardware side channels David Leon Gil
- [Cfrg] Primes vs. hardware side channels D. J. Bernstein
- Re: [Cfrg] Primes vs. hardware side channels Alyssa Rowan