Re: [Cfrg] big-endian short-Weierstrass please

Watson Ladd <watsonbladd@gmail.com> Thu, 29 January 2015 17:50 UTC

In-Reply-To: <CAMm+LwhD8ZmuO7_OsGYX_VARYT=gDJSkZVavxXkTOvfFLJ-Usg@mail.gmail.com>
References: <810C31990B57ED40B2062BA10D43FBF5D42BDA@XMB116CNC.rim.net> <87386ug2r7.fsf@alice.fifthhorseman.net> <810C31990B57ED40B2062BA10D43FBF5D4413B@XMB116CNC.rim.net> <87r3ueedx7.fsf@alice.fifthhorseman.net> <20150128231006.GJ3110@localhost> <D0EED79E.204B1%uri@ll.mit.edu> <878ugleei5.fsf@alice.fifthhorseman.net> <CAMm+LwhD8ZmuO7_OsGYX_VARYT=gDJSkZVavxXkTOvfFLJ-Usg@mail.gmail.com>
Date: Thu, 29 Jan 2015 09:50:37 -0800
Message-ID: <CACsn0ckb4xW7gTP4m9BHkQe-Y00Y306wOcuEoSQ25XLeXX14UQ@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/mAxL6BvyOrlqAoHIvWb-2bR-UFU>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] big-endian short-Weierstrass please

On Jan 29, 2015 9:36 AM, "Phillip Hallam-Baker" <phill@hallambaker.com> wrote:
>
>
>
> On Thu, Jan 29, 2015 at 11:30 AM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
>>
>> On Wed 2015-01-28 18:38:49 -0500, Blumenthal, Uri - 0558 - MITLL wrote:
>> > The problem is - reasonably-vetted by who? NIST? DJB? Yourself? All of
>> > the above?
>>
>> If this lengthy process we're involved in doesn't turn out to be
>> reasonable vetting by a multistakeholder group, i'll be sorely
>> disappointed.
>>
>> > Attractiveness of the ability to select a custom curve is similar to
>> > that of PGP Web of Trust: you can make a choice for yourself, rather than
>> > being forced into what other experts (or “experts” :) decide for you.
>>
>> This is different from the PGP Web of Trust.  If i'm communicating with
>> a new peer using TLS, and they want to use MagicCurveX that i've never
>> seen before, my TLS client is not going to be able to evaluate it
>> properly, certainly not before the TLS handshake expires.
>
>
> +1
>
> Deploying and implementing cryptosystems requires an enormous amount of
> expertise and they can fail in many different ways of which a flaw in the
> cryptographic algorithm security is very very rare.
>
> We are not using the web of trust model to develop code so why on earth
> try to apply it to choice of algorithm?
>
> The reason for applying web of trust is when there is no good
> alternative. I have written papers recently where I show how we might make
> the web of trust tractable and practical but that is because validating
> credentials for six billion people is a very different problem.
>
>
>>
>> Anyone can of course decide what curves are worth using, and can apply
>> their own analysis with their peers to come to that decision.  But if
>> you're communicating with the arbitrary outside world, there needs to be
>> some broader consensus about which curves to commonly use.
>
>
> More importantly, I can't use your curves unless you can prove to me that
> they are secure. And the fact we are having trouble doing that in this
> group proves that it is not possible to achieve that in a protocol.

We are not having trouble with that in this group. Nobody disputes that
any of the proposed curves are secure, or the details of generation.

Instead, we're arguing about endianness. I've tried to gather which primes
everyone wants in one list, crickets. Tony Arcieri posts about signatures,
5 messages. Big v. Little, 40.

Of course a malicious party can leak whatever you send them.

Sincerely,
Watson Ladd