Re: [Cfrg] ECC reboot

Andy Lutomirski <luto@amacapital.net> Thu, 23 October 2014 17:49 UTC

Return-Path: <luto@amacapital.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CEA11A0262 for <cfrg@ietfa.amsl.com>; Thu, 23 Oct 2014 10:49:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.979
X-Spam-Level:
X-Spam-Status: No, score=-1.979 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RN1XPYrqBb7S for <cfrg@ietfa.amsl.com>; Thu, 23 Oct 2014 10:49:46 -0700 (PDT)
Received: from mail-la0-f48.google.com (mail-la0-f48.google.com [209.85.215.48]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B59F11A90DF for <cfrg@irtf.org>; Thu, 23 Oct 2014 10:49:39 -0700 (PDT)
Received: by mail-la0-f48.google.com with SMTP id gi9so1280262lab.7 for <cfrg@irtf.org>; Thu, 23 Oct 2014 10:49:37 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=Tnqh46lD9M9zixrU138JC6ZG1NP6Ii+Eso9fY67h7Wo=; b=a7BzNQTd05Dng4O8jexZRrBk2uhqKIN3Ms+GWTi0R1J3ecQKAZJ2wT89Jhdpnm4ndU uighOS+/RqiPOL7eLsORikvwKDUlZb0JWZZUMleTcxvenNBkIMqKuGfRVmZcLOV9WSf/ vVRGYAXhXlJ8x/SDBWRJncASJCX4jkSolg6YV7lwzDWKC+qSaKubXmw4BOXF0aYCL4Ia 64+cEuWccG6DgM6jPZH1j9tCLo4auAREKdk8ZoHQ7rXHrsUzo/g05aRhCanjGtZCBazg NEvfnI42VXHB08rdghvzfQv5W1HQcNW+ePalcmM7lVr5qVhya3PxxJIi+DdSG9DprzAG IGIw==
X-Gm-Message-State: ALoCoQleU1RMMvKOTGmxKjsQ8WunKgz77CXyyiHf4h2ChVxpwYV6xHabETpm4x77XDnZoGckzh0L
X-Received: by 10.112.254.162 with SMTP id aj2mr6902284lbd.70.1414086577557; Thu, 23 Oct 2014 10:49:37 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.152.4.71 with HTTP; Thu, 23 Oct 2014 10:49:17 -0700 (PDT)
In-Reply-To: <54493DB1.5070204@akr.io>
References: <D065A817.30406%kenny.paterson@rhul.ac.uk> <54400E9F.5020905@akr.io> <CAMm+LwhVKBfcfrXUKmVXKsiAMRSTV+ws+u07grmxkfnR2oYJoQ@mail.gmail.com> <5218FD35-E00A-413F-ACCB-AA9B99DEF48B@shiftleft.org> <m3r3y6z3z8.fsf@carbon.jhcloos.org> <CA+Vbu7x4Y_=JZ9Ydp=U5QnJokL28QMQnV4XUn9S6+CUZR9ozEw@mail.gmail.com> <5444D89F.5080407@comodo.com> <90C609A5-ECB2-4FDC-9669-5830F3463D2B@akr.io> <5448DBE2.10107@comodo.com> <CACsn0cne95adtTbCf6WyAZGyCSyLXo5L0302rm7238yHAsE5EQ@mail.gmail.com> <54493DB1.5070204@akr.io>
From: Andy Lutomirski <luto@amacapital.net>
Date: Thu, 23 Oct 2014 10:49:17 -0700
Message-ID: <CALCETrWjR4ROJJFBTo-zAVUg6t50ppm0O_fd=gf2tCr8-evDwg@mail.gmail.com>
To: Alyssa Rowan <akr@akr.io>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/jAEcB9J99wdLQ_ktfdVBhA-cguw
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] ECC reboot
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Oct 2014 17:49:47 -0000

On Thu, Oct 23, 2014 at 10:41 AM, Alyssa Rowan <akr@akr.io> wrote:
>> How long do you think it would take to make an HSM that supports
>> our choice?
>
> Depends: from what I've seen a few HSMs are flexible enough to run
> whatever we choose. (I'll refrain from discussion of specific vendors:
> it is for them to speak up if they wish.)

This seems like a good time to point out that Intel SGX is coming
soon.  With SGX, some performance-critical HSM applications could be
replaced with hardware-assisted secure *software* enclaves on
supported Intel chips.

For this application, the relevant factors will be software speed
(because it's just x86 software), freedom from timing attacks, and
freedom from secrets being leaked in memory access patterns.

Some users might require certification, but there will be no
additional hardware development effort whatsoever to add new curves.

--Andy