Re: [CFRG] [Cfrg] Fwd: Last Call: <draft-ietf-lwig-curve-representations-12.txt> (Alternative Elliptic Curve Representations) to Informational RFC

John Mattsson <john.mattsson@ericsson.com> Tue, 10 November 2020 12:47 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/laKsDwsfASA2zFZvUyhoB5HlGCs>

Benjamin Kaduk wrote:

> I think we've seen this draft discussed previously, but just wanted to raise visibility that it has entered IETF Last Call.

I don't think this draft has been discussed in any working group outside of LWIG. At least I cannot find anything in the mail archives. I re-read the draft this week as Göran Selander (COSE IANA expert) raised the draft on the COSE WG list. Re-reading it I was surprised to see that the draft now standardizes new curves and registers their use in COSE, JOSE, CMS, PKIX. I did not expect such a draft from LWIG. When I reviewed the draft some time ago it only contained formulas to enable use of existing implementations. The abstract does not mention this and has basically not been updated since the -00 version. When I reviewed the draft in LWIG some time ago it only contained formulas to enable use of existing implementations.

- The draft tries to register a lot of low values (-1, -2, -9, -24, -48, -49) in the COSE registries which it obviously cannot as the draft is informational, and the registrations require standards action.

- If a new ECDSA25519 registration is needed for COSE and JOSE, it should be needed for PKIX and CMS as well. My understanding is that ES256 and ecdsa-with-SHA256 are basically the same.

- This draft defines a curve named Wei25519. NIST.SP.800-186-draft defines a curve named W-25519. I really do not want to repeat the mess with secp256r/prime256v1/P-256 where different SDOs standardized different names for the same curve.

- IETF curve definition and OID and IANA registrations of curve25519 in Weierstrass form should absolutely be coordinated with NIST. The last thing anybody wants is two identifiers for the same curve, or even worse, two slightly different versions of curve25519 in Weierstrass form. Quickly looking at draft-ietf-lwig-curve-representations-13 and NIST.SP.800-186-draft it looks like the y-coordinate of G is different for Wei25519 and W-25519...

(Otherwise I am positive to the content of this draft and the registration of curve25519 in Weierstrass form for COSE, JOSE, CMS, PKIX).

Cheers,
John
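
Added example, not part of the message above and not code from the draft or from NIST: a check an implementer can run before trusting a published short-Weierstrass base point for Curve25519. It uses the standard Montgomery-to-Weierstrass map (x = u + A/3, y = v, with B = 1) and shows that the x-coordinate alone leaves two valid y values, so two specifications can describe the same curve and still disagree on G. All function names are this example's own.

```python
# Added illustration; function and variable names are assumptions of this example.
P = 2**255 - 19   # field prime of Curve25519
A = 486662        # Montgomery form: v^2 = u^3 + A*u^2 + u  (B = 1)
U_BASE = 9        # u-coordinate of the Curve25519 base point

def inv(n):
    """Modular inverse via Fermat's little theorem."""
    return pow(n, P - 2, P)

def sqrt_mod_p(n):
    """Square root mod P (valid because P % 8 == 5); None if n is a non-residue."""
    n %= P
    r = pow(n, (P + 3) // 8, P)
    if r * r % P == n:
        return r
    r = r * pow(2, (P - 1) // 4, P) % P   # multiply by sqrt(-1)
    return r if r * r % P == n else None

def weierstrass_params():
    """Coefficients (a, b) of y^2 = x^3 + a*x + b obtained from A with B = 1."""
    a = (3 - A * A) * inv(3) % P
    b = (2 * A**3 - 9 * A) * inv(27) % P
    return a, b

def on_weierstrass(x, y):
    """True if (x, y) satisfies the short-Weierstrass equation."""
    a, b = weierstrass_params()
    return (y * y - (x**3 + a * x + b)) % P == 0

def base_point_candidates():
    """Map u = 9 to x = u + A/3 and return x with both admissible y values."""
    v = sqrt_mod_p(U_BASE**3 + A * U_BASE**2 + U_BASE)
    x = (U_BASE + A * inv(3)) % P
    return x, sorted({v, P - v})

def same_base_point(g1, g2):
    """Compare two published generators coordinate by coordinate, mod P."""
    return all((c1 - c2) % P == 0 for c1, c2 in zip(g1, g2))

if __name__ == "__main__":
    x, ys = base_point_candidates()
    for y in ys:
        print(hex(x), hex(y), "on curve:", on_weierstrass(x, y))
    print("same generator:", same_base_point((x, ys[0]), (x, ys[1])))
```

Feeding the (Gx, Gy) pairs printed in each specification to `on_weierstrass` and `same_base_point` shows whether they name the same generator or its negative.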