Re: [Cfrg] generic curves ... RE: big-endian short-Weierstrass please
Watson Ladd <watsonbladd@gmail.com> Tue, 03 February 2015 16:50 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4621E1A1AE5 for <cfrg@ietfa.amsl.com>; Tue, 3 Feb 2015 08:50:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Level:
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q2cLQSxdQkro for <cfrg@ietfa.amsl.com>; Tue, 3 Feb 2015 08:50:44 -0800 (PST)
Received: from mail-yh0-x234.google.com (mail-yh0-x234.google.com [IPv6:2607:f8b0:4002:c01::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 648071A1A64 for <cfrg@irtf.org>; Tue, 3 Feb 2015 08:50:44 -0800 (PST)
Received: by mail-yh0-f52.google.com with SMTP id f10so18925015yha.11 for <cfrg@irtf.org>; Tue, 03 Feb 2015 08:50:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=l17aIdS0HPawlKCXUBect5E5uVY7lwIRSMRcRR4UMNE=; b=t4/8n3uZDCzESjavXunA7NM8BC4Ny9z8LY8w4kvB5YGfHgHr49BGZXC5YppMh6YX86 RhgxD2+sLs0KQEcfl8GD1B76Cs5b1aT88EauJ6rxbXOjNlTurxTgTP3KJFQZ1wnHozhH QlGaHLrp6yE+AlOFyhHNTrNI9TygG8tRqJ+hGh2vvv0fAwJwBhi64/DBM4khlByQ/cS9 q0mOhNdHRAoGHyrTWlmtqbWFzBw5uMayTkfvhOwCHA6CcO700hPS/gbmTUTiLGPp8n9t sgaV5Mwlxc4RcDtLQLdYUStYbe8/GRXGHUbuvCbIz4I7CKY+eZvdxWLCGG6CWBuJWtmL 5k/w==
MIME-Version: 1.0
X-Received: by 10.170.112.215 with SMTP id e206mr12140620ykb.126.1422982243466; Tue, 03 Feb 2015 08:50:43 -0800 (PST)
Received: by 10.170.115.77 with HTTP; Tue, 3 Feb 2015 08:50:43 -0800 (PST)
In-Reply-To: <20150202222918.GA13720@roeckx.be>
References: <810C31990B57ED40B2062BA10D43FBF5D45067@XMB116CNC.rim.net> <20150202222918.GA13720@roeckx.be>
Date: Tue, 03 Feb 2015 08:50:43 -0800
Message-ID: <CACsn0ckZcxB863Jba_KO4AAM4UTurR3Y0+8EQZ6GMVGwpzh-ww@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Kurt Roeckx <kurt@roeckx.be>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/bYWoVbtKFp2GZMcR_lh2O3ogjs0>
Cc: Dan Brown <dbrown@certicom.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] generic curves ... RE: big-endian short-Weierstrass please
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Feb 2015 16:50:46 -0000
On Mon, Feb 2, 2015 at 2:29 PM, Kurt Roeckx <kurt@roeckx.be> wrote: > On Thu, Jan 29, 2015 at 10:09:18PM +0000, Dan Brown wrote: >> New thread name ... should have done so earlier. >> >> When TLS asked CFRG for new curves, I didn't interpret that to mean that >> generic curves would be banned. Banishing generic curves adds slightly more >> weight to the TLS request, because users cannot easily opt out of the chosen >> few elite curves. > > If it's unclear what the TLS WG wants exactly, maybe it's best to > ask them? > > My understanding is that they want fixed named curves. Let me get this right: There are no security concerns with Curve25519. For the entire 12 months we've been piddling away, we could have written Curve25519 in Weierstrass form, and the TLS specification would already have included it as an option. We've still got signatures and the choice of primes at higher security levels to worry about, with about 10 emails total on these topics. Instead we've spent 90+ emails debating whether an opaque byte vector should be big or little endian, after the TLS WG already had this debate. We've exceeded a previously announced deadline by a month. We're still picking editors for a draft that has a hard deadline coming up in March (several hard deadlines), despite dropping several deliverables to make it, and knowing that X25519 is going to be what is in the eventual RFC. When should we expect last call on a draft that describes Curve25519? Sincerely, Watson Ladd > > > Kurt > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- [Cfrg] generic curves ... RE: big-endian short-We… Dan Brown
- Re: [Cfrg] generic curves ... RE: big-endian shor… Daniel Kahn Gillmor
- Re: [Cfrg] generic curves ... RE: big-endian shor… Paul Hoffman
- Re: [Cfrg] generic curves ... RE: big-endian shor… Dan Harkins
- Re: [Cfrg] generic curves ... RE: big-endian shor… Aaron Zauner
- Re: [Cfrg] generic curves ... RE: big-endian shor… Kurt Roeckx
- Re: [Cfrg] generic curves ... RE: big-endian shor… Watson Ladd
- Re: [Cfrg] generic curves ... RE: big-endian shor… Paterson, Kenny
- Re: [Cfrg] generic curves ... RE: big-endian shor… Kurt Roeckx
- Re: [Cfrg] generic curves ... RE: big-endian shor… Phillip Hallam-Baker