Re: [Cfrg] ECC reboot (Was: When's the decision?)

"Lochter, Manfred" <manfred.lochter@bsi.bund.de> Tue, 21 October 2014 08:32 UTC






__________ original message __________

From:		Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date:	Friday, 17 October 2014, 23:30:55
To:		Michael Hamburg <mike@shiftleft.org>
Cc:	"cfrg@irtf.org" <cfrg@irtf.org>
Subject:	Re: [Cfrg] ECC reboot (Was: When's the decision?)

> On 17/10/14 18:58, Michael Hamburg wrote:
> > So is the thrust of this whole argument “have your special curves,
> > but make Brainpool mandatory to implement”?  If so, just say so, and
> > let the forum discuss it separately, and unblock the discussion of
> > new curves.
>
> If that were the case then CFRG would be the wrong forum. Which algs
> are MTI for which IETF protocols is an IETF issue.
>
> S.
>

I can assure you that this is not the case. The Brainpool paper 
eprint.iacr.org/2014/832 discusses selection criteria for secure elliptic 
curves and their use. We basically look at different attack models and derive 
requirements on secure elliptic curves. (A very simplistic way of describing 
the attack models is HW vs. SW).
In my understanding that is exactly the topic of the cfrg discussion.

Actually, we do not even propose that the cfrg choose the Brainpool curves, we 
just propose to generate two sets of curves, one using special primes and one 
using special primes. Here we assume the generation process to be a trusted 
process. We also note that a flexible approach that allows an easy replacement 
of curves is very desirable.

As the cfrg also discusses parameter lengths I would like to add that it is 
completely adequate to use 384 bit curves even for highest security demands. 
So, 384 bit curves must be included in any proposed set of curves.

Manfred





-- 
Lochter, Manfred
--------------------------------------------
Bundesamt für Sicherheit in der Informationstechnik (BSI)
Referat K21
Godesberger Allee 185 -189
53175 Bonn

Postfach 20 03 63
53133 Bonn

Phone: +49 (0)228 99 9582 5643
Fax: +49 (0)228 99 10 9582 5643
Email: manfred.lochter@bsi.bund.de
Internet:
www.bsi.bund.de
www.bsi-fuer-buerger.de