Re: [Cfrg] On the use of Montgomery form curves for key agreement

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 02 September 2014 21:54 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC5981A0194 for <cfrg@ietfa.amsl.com>; Tue, 2 Sep 2014 14:54:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level:
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lbTK2FaCdCZv for <cfrg@ietfa.amsl.com>; Tue, 2 Sep 2014 14:54:17 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 194611A071F for <cfrg@ietf.org>; Tue, 2 Sep 2014 14:54:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 76805BF02; Tue, 2 Sep 2014 22:54:16 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xn-6RJG-9S9Y; Tue, 2 Sep 2014 22:54:15 +0100 (IST)
Received: from [10.87.48.3] (unknown [86.42.236.200]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 414B0BEFF; Tue, 2 Sep 2014 22:54:15 +0100 (IST)
Message-ID: <54063C86.901@cs.tcd.ie>
Date: Tue, 02 Sep 2014 22:54:14 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: Benjamin Black <b@b3k.us>
References: <e16ac4926a934565a65456058e50b68e@BL2PR03MB242.namprd03.prod.outlook.com> <CALCETrUby2o5O3=tMkv20JTVkahSo5Wan4oSCPOspRnXhFCg+g@mail.gmail.com> <b53e2c5417d247199f4496e0c0d5c29c@BL2PR03MB242.namprd03.prod.outlook.com> <CACsn0cktxTyPpeaqKU-oL+DiP4Fu0risHB1Wx8-by+94s30h=g@mail.gmail.com> <CA+Vbu7yMvyPzRAGrtVH38mzaYy3XQ1wswEUQisqbwpT10JfQVg@mail.gmail.com> <54058021.9040801@cs.tcd.ie> <CA+Vbu7w995VzPF=nf=DtHRXAEn+3ynNxbYH0CG18Q5j6MMp85g@mail.gmail.com>
In-Reply-To: <CA+Vbu7w995VzPF=nf=DtHRXAEn+3ynNxbYH0CG18Q5j6MMp85g@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/ga-pEQKJAfc4miWx2O5V64VumhA
Cc: "cfrg@ietf.org" <cfrg@ietf.org>
Subject: Re: [Cfrg] On the use of Montgomery form curves for key agreement
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Sep 2014 21:54:19 -0000


On 02/09/14 22:33, Benjamin Black wrote:
> Why would new cipher suites be required to use new curves? Do you mean new
> named curve code points rather than cipher suites?

Sorry, yes, could be one or the other. Either way, the blob could
be interpreted differently for new curves vs. NIST curves if that
made sense and it'd be no big deal. Worst case, you'd need to
update some RFC with text describing encoding of NIST curve blobby
stuff;-)

Just in case: I'm not saying that any particular approach here is
better or not, I'm only saying there's nothing to help pick a new
curve.

> Though our reasons are different, it sounds like we agree on leaving wire
> formats to the WGs.

Yep.

S

> 
> 
> On Tue, Sep 2, 2014 at 1:30 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie>;
> wrote:
> 
>>
>> Just on this point...
>>
>> On 02/09/14 02:50, Benjamin Black wrote:
>>> The various working groups and standards bodies have already answered the
>>> question of what goes on the wire.
>>
>> That's not correct. When CFRG finish doing a great job here, then
>> the TLS WG will have to assign new codepoints for ciphersuites and
>> there is nothing stopping them defining new encodings at that point
>> if that's needed. That'd just not be a big deal. And the same is
>> true of other IETF activities. So what goes on the wire should be
>> a non-issue for this discussion really.
>>
>> There is a connection with Russ' point about code re-use, but that's
>> much better considered in the way Russ framed it, as an implementation
>> issue and not as a protocol issue. Note that I'm not saying here that
>> I share Russ' concerns or conclusions, (not having implemented any
>> ECC myself) but I do think his question is the right one to ask.
>>
>> S.
>>
>