Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)

Yoav Nir <ynir.ietf@gmail.com> Wed, 11 February 2015 14:37 UTC

Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <D10114F3.3E811%kenny.paterson@rhul.ac.uk>
Date: Wed, 11 Feb 2015 16:37:24 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <7A38BFE1-9A30-4376-AA57-91ECA3671C65@gmail.com>
References: <54D9E2E3.4080402@isode.com> <20150210183423.GA9338@roeckx.be> <1423622761.464212075@apps.rackspace.com> <54DACFB6.1090308@cdac.in> <C7C58FAC-E983-449D-A185-A3A98C2D3DA1@vigilsec.com> <CAMm+Lwhq5FOZ=K_RbYyZ7w5Sa9OAZXuzLXGtWYvEnHCXC2sd1g@mail.gmail.com> <D10114F3.3E811%kenny.paterson@rhul.ac.uk>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/jSVFaMSQLPvWqzuuHwZ2-qn-d9g>
Cc: IRTF CFRG <cfrg@irtf.org>, Russ Housley <housley@vigilsec.com>
Subject: Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)
Precedence: list

> 
> If there's no consensus on doing curves at 192-bit and 256-bit security
> level, then the plan would be to abandon work on such curves until after
> we've delivered recommendations to the TLS WG. The chairs' current
> thinking would be to then come back to this later on. (Of course, at that
> point, people might decide that IETF is not the place to put their
> efforts, and that NIST's activity is the place to be. So be it.)

In that case, my vote (and I realize this is a write-in candidate) is to:
 1. Not delay the answer to TLS about Curve25519
 2. Immediately start a (hopefully) short-term process to make a similar recommendation about Goldilocks or other, similar candidates.
 3. Start a long-term process for a next-generation algorithm, perhaps a genus-2 curve, with the property that it is not likely to fail together with Curve25519.

And since write-ins are not really allowed, I’ll just go with my #1 and vote “No” to both.

Yoav

[Cfrg] Elliptic Curves - poll on security levels … Alexey Melnikov
Re: [Cfrg] Elliptic Curves - poll on security lev… Torsten Schütze
Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
Re: [Cfrg] Elliptic Curves - poll on security lev… Nguyen Dr., Kim
Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
Re: [Cfrg] Elliptic Curves - poll on security lev… Aaron Zauner
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Christoph Anton Mitterer
Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Paul Hoffman
Re: [Cfrg] Elliptic Curves - poll on security lev… Adam Langley
Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
Re: [Cfrg] Elliptic Curves - poll on security lev… Stephen Farrell
Re: [Cfrg] Elliptic Curves - poll on security lev… Salz, Rich
Re: [Cfrg] Elliptic Curves - poll on security lev… Tony Arcieri
Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Hamburg
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
Re: [Cfrg] Elliptic Curves - poll on security lev… Kurt Roeckx
Re: [Cfrg] Elliptic Curves - poll on security lev… Alyssa Rowan
Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Hamburg
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Tony Arcieri
Re: [Cfrg] Elliptic Curves - poll on security lev… Станислав Смышляев
Re: [Cfrg] Elliptic Curves - poll on security lev… Andy Lutomirski
Re: [Cfrg] Elliptic Curves - poll on security lev… James Cloos
Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
Re: [Cfrg] Elliptic Curves - poll on security lev… Damien Miller
Re: [Cfrg] Elliptic Curves - poll on security lev… James Cloos
Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Jones
Re: [Cfrg] Elliptic Curves - poll on security lev… Benjamin Beurdouche
Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
Re: [Cfrg] Elliptic Curves - poll on security lev… David Leon Gil
Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Harkins
Re: [Cfrg] Elliptic Curves - poll on security lev… Olafur Gudmundsson
Re: [Cfrg] Elliptic Curves - poll on security lev… Bindhunadhava
Re: [Cfrg] Elliptic Curves - poll on security lev… Aaron Zauner
Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
Re: [Cfrg] Elliptic Curves - poll on security lev… Manger, James
Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
Re: [Cfrg] Elliptic Curves - poll on security lev… Brian Smith
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
Re: [Cfrg] Elliptic Curves - poll on security lev… Eric Rescorla
Re: [Cfrg] Elliptic Curves - poll on security lev… Annie Yousar
Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
Re: [Cfrg] Elliptic Curves - poll on security lev… Andrey Jivsov
[Cfrg] Why I think 256-level is a bad idea [Was: … Ilari Liusvaara
Re: [Cfrg] Why I think 256-level is a bad idea [W… Adam Langley
Re: [Cfrg] Elliptic Curves - poll on security lev… Michael Scott
Re: [Cfrg] Elliptic Curves - poll on security lev… Simon Josefsson
Re: [Cfrg] Elliptic Curves - poll on security lev… _MiW
Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
Re: [Cfrg] Elliptic Curves - poll on security lev… Olafur Gudmundsson
Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
Re: [Cfrg] Elliptic Curves - poll on security lev… Brian Smith
Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
Re: [Cfrg] Elliptic Curves - poll on security lev… Joseph Salowey
Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
Re: [Cfrg] Elliptic Curves - poll on security lev… Kurt Roeckx
Re: [Cfrg] Elliptic Curves - poll on security lev… Nex6|Bill