Re: [Cfrg] Point format endian (was: Adoption of draft-ladd-spake2 as a RG document)

"Dan Harkins" <> Sun, 25 January 2015 05:14 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 28F501A1EF3 for <>; Sat, 24 Jan 2015 21:14:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.167
X-Spam-Status: No, score=-1.167 tagged_above=-999 required=5 tests=[BAYES_50=0.8, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id xbpufzzMGTfn for <>; Sat, 24 Jan 2015 21:14:12 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 94DD41A1EFF for <>; Sat, 24 Jan 2015 21:14:12 -0800 (PST)
Received: from (localhost []) by (Postfix) with ESMTP id DA96D10224008; Sat, 24 Jan 2015 21:14:11 -0800 (PST)
Received: from (SquirrelMail authenticated user by with HTTP; Sat, 24 Jan 2015 21:14:12 -0800 (PST)
Message-ID: <>
In-Reply-To: <>
References: <> <> <> <> <>
Date: Sat, 24 Jan 2015 21:14:12 -0800
From: Dan Harkins <>
To: "Salz, Rich" <>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: <>
Cc: "" <>
Subject: Re: [Cfrg] Point format endian (was: Adoption of draft-ladd-spake2 as a RG document)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 25 Jan 2015 05:14:14 -0000

On Sat, January 24, 2015 8:18 am, Salz, Rich wrote:
>>   So a long-standing tradition of the on-the-wire format is changed
>> because
>> of the way the first curve25519 library was written? That's a weak
>> justification.
> Strongly disagree.  But this is a religious argument and the sides will
> probably never come to terms.  On the one hand we have tradition. On the
> other we have a large deployed base.  Within the IETF canon of rough
> consensus and running code, which argument will win?  Which argument
> should win?  The IETF should follow its tradition and drop its wire format
> tradition.

  To me it's not a religious argument. But when you just say "strongly
disagree" without any justification for making such a statement then
perhaps I guess I can see how it is religious for you.

  Endianness is the lowest of low levels. It is handled by a function that
is #define'd around an #ifdef LITTLE_ENDIAN in some _common_ include
file. Then everything reading and writing to the network has ntoh_whatever()
routines that call the #define'd function. It makes for portable code.
The alternative is to put endianness knowledge into the crypto library
and have "if (religion) then if (big endian) then foo else bar fi else
ntoh_foo fi". Which is something to which I strongly disagree. Better to
just say "ntoh_foo".

  I remember when the discussion of curve25519 started one of the
proponents mentioned that the idea of many people writing code to
implement it was not necessary, and was unwise, and that everyone
should just use the existing library. And it's that idea that prompted my
statement. We should just change our endianness practices, which make
better looking and more maintainable code, because whoever wrote The
Definitive Reference Implementation of Curve25519 choose little endian
and everyone is just expected to use that. Why? Because.

> The reformation is coming:  fixed on the wire curve formats are gone; it
> is now up to each curve to specify its wire rep.

  And yet counter-reformation was much more grand and beautiful
and majestic as compared to the cold, boring, puritan, calvinist
reformation. Really, it's not anything that needs to be repeated.