Re: [Cfrg] Signatures: curves, algorithms, etc

Damien Miller <djm@mindrot.org> Fri, 30 January 2015 05:27 UTC

Date: Fri, 30 Jan 2015 16:27:28 +1100
From: Damien Miller <djm@mindrot.org>
To: Tony Arcieri <bascule@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/hvPcbrZN_P3COP0mvZqKwaSASVc>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>

On Tue, 27 Jan 2015, Tony Arcieri wrote:

> I would like to hear the opinions of the chairs and other CFRG participants
> on the following:
> - Ed25519 and EdDSA
> - FrankenECDSA (ECDSA in Edwards)
> - ECDSA with Edwards keys on the wire (converted to Weierstrass to do ECDSA)
> - Other interesting thoughts on digital signatures

As you probably already know, OpenSSH is already using Ed25519 for
user and host authentication. We chose it because:

1) It's secure; well-reviewed and based on good "bones" (e.g. Schnorr sigs)
1a) It avoids the terrible failure modes of DSA/ECDSA
1b) It's hard for implementors to get wrong
2) It's fast
3) There are excellent reference implementations available

We're not interested in adding more DSA/ECDSA variants unless there is some
compelling reason (and I don't see any). EdDSA just seems a better algorithm.

We're not super-interested in WF >2^128 EdDSA either, but would possibly
consider EdDSA at ~WF 2^256 if our users start asking for it.

We aren't likely to benefit from batch signing/verification.

-d