Re: [Cfrg] ECC reboot (Was: When's the decision?)
Andy Lutomirski <luto@amacapital.net> Thu, 16 October 2014 18:07 UTC
From: Andy Lutomirski <luto@amacapital.net>
Date: Thu, 16 Oct 2014 11:06:40 -0700
Message-ID: <CALCETrWJfEzvgV=LiAc4SFsbDGSFNxiJsMx2b2H8XTOn0bOsew@mail.gmail.com>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/hh50uXnkBTig6NlBPjdj6G1uEWw
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] ECC reboot (Was: When's the decision?)

On Thu, Oct 16, 2014 at 11:00 AM, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote:
> On Thu, Oct 16, 2014 at 06:38:55PM +0100, Alyssa Rowan wrote:
>>
>> It seems to me at this stage that the requirements of the
>> existing-hardware stakeholders of the Brainpool may be not only
>> orthogonal, but actually (potentially) in direct opposition to the
>> requirements of the software stakeholders - and further their
>> requirements may (perhaps) already be satisfied by the Brainpool curves?
>
> I think the requirements are in direct opposition.
>
> And I know no reason why existing Brainpool curves wouldn't be usable
> for "high-security" hardware.

Are the Brainpool curves really VPR? They're certainly far better in
that regard than the NIST curves, but the BADA55 paper points out
correctly that the "verifiably" part is weak.

(The BADA55 curves themselves might actually not be so bad. They were
clearly fudged, but the BADA55 property seems highly unlikely to be a
cryptographic weakness, and fudging them to have some other unlikely
property as well would have been rather expensive.)

--Andy