Re: [Cfrg] On the use of Montgomery form curves for key agreement
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 02 September 2014 21:54 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC5981A0194 for <cfrg@ietfa.amsl.com>; Tue, 2 Sep 2014 14:54:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level:
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lbTK2FaCdCZv for <cfrg@ietfa.amsl.com>; Tue, 2 Sep 2014 14:54:17 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 194611A071F for <cfrg@ietf.org>; Tue, 2 Sep 2014 14:54:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 76805BF02; Tue, 2 Sep 2014 22:54:16 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xn-6RJG-9S9Y; Tue, 2 Sep 2014 22:54:15 +0100 (IST)
Received: from [10.87.48.3] (unknown [86.42.236.200]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 414B0BEFF; Tue, 2 Sep 2014 22:54:15 +0100 (IST)
Message-ID: <54063C86.901@cs.tcd.ie>
Date: Tue, 02 Sep 2014 22:54:14 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: Benjamin Black <b@b3k.us>
References: <e16ac4926a934565a65456058e50b68e@BL2PR03MB242.namprd03.prod.outlook.com> <CALCETrUby2o5O3=tMkv20JTVkahSo5Wan4oSCPOspRnXhFCg+g@mail.gmail.com> <b53e2c5417d247199f4496e0c0d5c29c@BL2PR03MB242.namprd03.prod.outlook.com> <CACsn0cktxTyPpeaqKU-oL+DiP4Fu0risHB1Wx8-by+94s30h=g@mail.gmail.com> <CA+Vbu7yMvyPzRAGrtVH38mzaYy3XQ1wswEUQisqbwpT10JfQVg@mail.gmail.com> <54058021.9040801@cs.tcd.ie> <CA+Vbu7w995VzPF=nf=DtHRXAEn+3ynNxbYH0CG18Q5j6MMp85g@mail.gmail.com>
In-Reply-To: <CA+Vbu7w995VzPF=nf=DtHRXAEn+3ynNxbYH0CG18Q5j6MMp85g@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/ga-pEQKJAfc4miWx2O5V64VumhA
Cc: "cfrg@ietf.org" <cfrg@ietf.org>
Subject: Re: [Cfrg] On the use of Montgomery form curves for key agreement
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Sep 2014 21:54:19 -0000
On 02/09/14 22:33, Benjamin Black wrote: > Why would new cipher suites be required to use new curves? Do you mean new > named curve code points rather than cipher suites? Sorry, yes, could be one or the other. Either way, the blob could be interpreted differently for new curves vs. NIST curves if that made sense and it'd be no big deal. Worst case, you'd need to update some RFC with text describing encoding of NIST curve blobby stuff;-) Just in case: I'm not saying that any particular approach here is better or not, I'm only saying there's nothing to help pick a new curve. > Though our reasons are different, it sounds like we agree on leaving wire > formats to the WGs. Yep. S > > > On Tue, Sep 2, 2014 at 1:30 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> > wrote: > >> >> Just on this point... >> >> On 02/09/14 02:50, Benjamin Black wrote: >>> The various working groups and standards bodies have already answered the >>> question of what goes on the wire. >> >> That's not correct. When CFRG finish doing a great job here, then >> the TLS WG will have to assign new codepoints for ciphersuites and >> there is nothing stopping them defining new encodings at that point >> if that's needed. That'd just not be a big deal. And the same is >> true of other IETF activities. So what goes on the wire should be >> a non-issue for this discussion really. >> >> There is a connection with Russ' point about code re-use, but that's >> much better considered in the way Russ framed it, as an implementation >> issue and not as a protocol issue. Note that I'm not saying here that >> I share Russ' concerns or conclusions, (not having implemented any >> ECC myself) but I do think his question is the right one to ask. >> >> S. >> >
- [Cfrg] On the use of Montgomery form curves for k… Brian LaMacchia
- Re: [Cfrg] On the use of Montgomery form curves f… Andy Lutomirski
- Re: [Cfrg] On the use of Montgomery form curves f… D. J. Bernstein
- Re: [Cfrg] On the use of Montgomery form curves f… Brian LaMacchia
- Re: [Cfrg] On the use of Montgomery form curves f… Tony Arcieri
- Re: [Cfrg] On the use of Montgomery form curves f… Watson Ladd
- Re: [Cfrg] On the use of Montgomery form curves f… Benjamin Black
- Re: [Cfrg] On the use of Montgomery form curves f… Watson Ladd
- Re: [Cfrg] On the use of Montgomery form curves f… Benjamin Black
- Re: [Cfrg] On the use of Montgomery form curves f… Robert Ransom
- Re: [Cfrg] On the use of Montgomery form curves f… Brian LaMacchia
- Re: [Cfrg] On the use of Montgomery form curves f… Stephen Farrell
- Re: [Cfrg] On the use of Montgomery form curves f… Robert Ransom
- Re: [Cfrg] On the use of Montgomery form curves f… Watson Ladd
- Re: [Cfrg] On the use of Montgomery form curves f… Stephen Farrell
- Re: [Cfrg] On the use of Montgomery form curves f… Watson Ladd
- Re: [Cfrg] On the use of Montgomery form curves f… Stephen Farrell
- Re: [Cfrg] On the use of Montgomery form curves f… Nico Williams
- Re: [Cfrg] On the use of Montgomery form curves f… Tanja Lange
- Re: [Cfrg] On the use of Montgomery form curves f… Benjamin Black
- Re: [Cfrg] On the use of Montgomery form curves f… Andrey Jivsov
- Re: [Cfrg] On the use of Montgomery form curves f… Benjamin Black
- Re: [Cfrg] On the use of Montgomery form curves f… Stephen Farrell
- Re: [Cfrg] On the use of Montgomery form curves f… Benjamin Black
- Re: [Cfrg] On the use of Montgomery form curves f… Stephen Farrell
- Re: [Cfrg] On the use of Montgomery form curves f… Andrey Jivsov
- Re: [Cfrg] On the use of Montgomery form curves f… Nico Williams
- Re: [Cfrg] On the use of Montgomery form curves f… Andrey Jivsov
- Re: [Cfrg] On the use of Montgomery form curves f… Michael Hamburg
- Re: [Cfrg] On the use of Montgomery form curves f… Brian LaMacchia
- Re: [Cfrg] On the use of Montgomery form curves f… Tanja Lange
- Re: [Cfrg] On the use of Montgomery form curves f… Paterson, Kenny
- Re: [Cfrg] On the use of Montgomery form curves f… Jim Schaad
- Re: [Cfrg] On the use of Montgomery form curves f… Markulf Kohlweiss
- Re: [Cfrg] On the use of Montgomery form curves f… Paterson, Kenny
- Re: [Cfrg] On the use of Montgomery form curves f… Nico Williams
- Re: [Cfrg] On the use of Montgomery form curves f… Andy Lutomirski
- Re: [Cfrg] On the use of Montgomery form curves f… Manuel Pégourié-Gonnard
- Re: [Cfrg] On the use of Montgomery form curves f… Andy Lutomirski
- Re: [Cfrg] On the use of Montgomery form curves f… Nico Williams
- Re: [Cfrg] On the use of Montgomery form curves f… Andrey Jivsov