Re: [Cfrg] Curve manipulation, revisited

Paul Hoffman <paul.hoffman@vpnc.org> Tue, 30 December 2014 18:01 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/fTF1jMBDvqutY8wnAsUwnJ_x0Nw

> It's important to not mix key exchange and signature.  My interest, and arguably the primary TLS WG interest, is in the former, not the latter.

The TLS WG cares about both, but in the WG meetings so far, it has only asked about the former because they assumed the latter would come for free. This discussion has made it clearer that the assumption is wrong, but no one has brought that back to the TLS WG yet. Once that is done, particularly if the CFRG says "here is the curve and base point, but we think we're going to have a different signature mechanism later", I believe the TLS WG will be just as borked as they are now. I know that will certainly be the case for the DNS community looking at EC for DNSSEC.

--Paul Hoffman