Re: [Cfrg] On the use of Montgomery form curves for key agreement

[Stephen Farrell <stephen.farrell@cs.tcd.ie>]

On 02/09/14 22:33, Benjamin Black wrote:
> Why would new cipher suites be required to use new curves? Do you mean new
> named curve code points rather than cipher suites?

Sorry, yes, could be one or the other. Either way, the blob could
be interpreted differently for new curves vs. NIST curves if that
made sense and it'd be no big deal. Worst case, you'd need to
update some RFC with text describing encoding of NIST curve blobby
stuff;-)

Just in case: I'm not saying that any particular approach here is
better or not, I'm only saying there's nothing to help pick a new
curve.

> Though our reasons are different, it sounds like we agree on leaving wire
> formats to the WGs.

Yep.

S

> 
> 
> On Tue, Sep 2, 2014 at 1:30 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
> wrote:
> 
>>
>> Just on this point...
>>
>> On 02/09/14 02:50, Benjamin Black wrote:
>>> The various working groups and standards bodies have already answered the
>>> question of what goes on the wire.
>>
>> That's not correct. When CFRG finish doing a great job here, then
>> the TLS WG will have to assign new codepoints for ciphersuites and
>> there is nothing stopping them defining new encodings at that point
>> if that's needed. That'd just not be a big deal. And the same is
>> true of other IETF activities. So what goes on the wire should be
>> a non-issue for this discussion really.
>>
>> There is a connection with Russ' point about code re-use, but that's
>> much better considered in the way Russ framed it, as an implementation
>> issue and not as a protocol issue. Note that I'm not saying here that
>> I share Russ' concerns or conclusions, (not having implemented any
>> ECC myself) but I do think his question is the right one to ask.
>>
>> S.
>>
>