Re: [Cfrg] A big, big Elliptic Curve
Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 10 April 2016 17:43 UTC

On 10/04/16 18:31, Ilari Liusvaara wrote:
> My interpretation of NSA position & announcements is:
> - QC is coming sufficiently soon (and here "soon" can mean 30 years or
>   so) that there is no point in transitioning to ECC anymore.
> - NSA thinks that multiplicative-DH is significantly harder than what
>   "open literature" considers.
>

That seems like a reasonable interpretation if one takes what they say at face value. I'm not comfortable doing that to be honest.

I remain concerned that a part of this could be an attempt to discourage deployment of current crypto by focusing attention on the next shiny thing (pq crypto).

I do think we should be doing preparatory work on pq crypto, but I am frankly uneasy to see people seemingly believing what the NSA assert with no real evidence offered. These after all are the same people (or indistinguishable from the people) who were happy to try pull a fast one on another part of their own government (I mean NIST/dual-ec). I think the very least they need to do is to offer evidence if they expect to be believed about anything non-obvious.

The solution to this quandary I think is for us to base decisions on whatever openly available evidence we have, but on nothing else. (So we ought not IMO factor in press-releases from anyone.)

And yes, if we don't have that evidence, that does create a danger that we ignore qc risks more than we ought. The blame for that however lies clearly with those who muddied the waters.

Cheers,
S.