Re: [Cfrg] generic curves ... RE: big-endian short-Weierstrass please

Watson Ladd <> Tue, 03 February 2015 16:50 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 4621E1A1AE5 for <>; Tue, 3 Feb 2015 08:50:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id q2cLQSxdQkro for <>; Tue, 3 Feb 2015 08:50:44 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4002:c01::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 648071A1A64 for <>; Tue, 3 Feb 2015 08:50:44 -0800 (PST)
Received: by with SMTP id f10so18925015yha.11 for <>; Tue, 03 Feb 2015 08:50:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=l17aIdS0HPawlKCXUBect5E5uVY7lwIRSMRcRR4UMNE=; b=t4/8n3uZDCzESjavXunA7NM8BC4Ny9z8LY8w4kvB5YGfHgHr49BGZXC5YppMh6YX86 RhgxD2+sLs0KQEcfl8GD1B76Cs5b1aT88EauJ6rxbXOjNlTurxTgTP3KJFQZ1wnHozhH QlGaHLrp6yE+AlOFyhHNTrNI9TygG8tRqJ+hGh2vvv0fAwJwBhi64/DBM4khlByQ/cS9 q0mOhNdHRAoGHyrTWlmtqbWFzBw5uMayTkfvhOwCHA6CcO700hPS/gbmTUTiLGPp8n9t sgaV5Mwlxc4RcDtLQLdYUStYbe8/GRXGHUbuvCbIz4I7CKY+eZvdxWLCGG6CWBuJWtmL 5k/w==
MIME-Version: 1.0
X-Received: by with SMTP id e206mr12140620ykb.126.1422982243466; Tue, 03 Feb 2015 08:50:43 -0800 (PST)
Received: by with HTTP; Tue, 3 Feb 2015 08:50:43 -0800 (PST)
In-Reply-To: <>
References: <> <>
Date: Tue, 03 Feb 2015 08:50:43 -0800
Message-ID: <>
From: Watson Ladd <>
To: Kurt Roeckx <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Cc: Dan Brown <>, "" <>
Subject: Re: [Cfrg] generic curves ... RE: big-endian short-Weierstrass please
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 03 Feb 2015 16:50:46 -0000

On Mon, Feb 2, 2015 at 2:29 PM, Kurt Roeckx <> wrote:
> On Thu, Jan 29, 2015 at 10:09:18PM +0000, Dan Brown wrote:
>> New thread name ... should have done so earlier.
>> When TLS asked CFRG for new curves, I didn't interpret that to mean that
>> generic curves would be banned. Banishing generic curves adds slightly more
>> weight to the TLS request, because users cannot easily opt out of the chosen
>> few elite curves.
> If it's unclear what the TLS WG wants exactly, maybe it's best to
> ask them?
> My understanding is that they want fixed named curves.

Let me get this right:

There are no security concerns with Curve25519.

For the entire 12 months we've been piddling away, we could have
written Curve25519 in Weierstrass form, and the TLS specification
would already have included it as an option.

We've still got signatures and the choice of primes at higher security
levels to worry about, with about 10 emails total on these topics.

Instead we've spent 90+ emails debating whether an opaque byte vector
should be big or little endian, after the TLS WG already had this

We've exceeded a previously announced deadline by a month. We're still
picking editors for a draft that has a hard deadline coming up in
March (several hard deadlines), despite dropping several deliverables
to make it, and knowing that X25519 is going to be what is in the
eventual RFC.

When should we expect last call on a draft that describes Curve25519?

Watson Ladd

> Kurt
> _______________________________________________
> Cfrg mailing list

"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin