[Cfrg] On "non-NIST"

Paul Hoffman <paul.hoffman@vpnc.org> Wed, 25 February 2015 18:05 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0AE71A1A29 for <cfrg@ietfa.amsl.com>; Wed, 25 Feb 2015 10:05:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DFYQ2XrL0MBR for <cfrg@ietfa.amsl.com>; Wed, 25 Feb 2015 10:05:53 -0800 (PST)
Received: from proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3BC81A079D for <cfrg@irtf.org>; Wed, 25 Feb 2015 10:05:53 -0800 (PST)
Received: from [10.20.30.101] (142-254-17-245.dsl.dynamic.fusionbroadband.com [142.254.17.245]) (authenticated bits=0) by proper.com (8.15.1/8.14.9) with ESMTPSA id t1PI5lAb010381 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 25 Feb 2015 11:05:48 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: proper.com: Host 142-254-17-245.dsl.dynamic.fusionbroadband.com [142.254.17.245] claimed to be [10.20.30.101]
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <54EDEE67.1010102@cs.tcd.ie>
Date: Wed, 25 Feb 2015 10:05:47 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <D02DF679-9485-467F-A47C-FFF15139278B@vpnc.org>
References: <54EDDBEE.5060904@isode.com> <54EDEE67.1010102@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/dZwVvHPZX09Fz7GGpDppDeESr6A>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: [Cfrg] On "non-NIST"
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Feb 2015 18:05:55 -0000

On Feb 25, 2015, at 7:46 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> I do "prefer" that CFRG document only one of those as being
> the usual non-NIST choice for >128 bit work factor.

The term "non-NIST" is predictive, and the crypto community kinda sucks at predictions. We have no idea what NIST will do in the future if a bunch of IETF WGs adopt specific elliptic curves that are not P256/P384. Unfortunately, I suspect current NIST folks also have no idea what NIST will do in that case either. In the past, NIST has sometimes (but not always) responded to pressure from the real world about crypto algorithms and modes; let's hope for the best here.

--Paul Hoffman