Re: [Cfrg] When's the decision?

Yoav Nir <ynir.ietf@gmail.com> Mon, 06 October 2014 15:53 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E64C01A02DF for <cfrg@ietfa.amsl.com>; Mon, 6 Oct 2014 08:53:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jky-uYh7FcVI for <cfrg@ietfa.amsl.com>; Mon, 6 Oct 2014 08:53:33 -0700 (PDT)
Received: from mail-wg0-x22e.google.com (mail-wg0-x22e.google.com [IPv6:2a00:1450:400c:c00::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3B3A1A007F for <cfrg@irtf.org>; Mon, 6 Oct 2014 08:53:32 -0700 (PDT)
Received: by mail-wg0-f46.google.com with SMTP id l18so6918838wgh.17 for <cfrg@irtf.org>; Mon, 06 Oct 2014 08:53:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=V+Wlgc7TIkEfHDU7jVcDhADBCL68ZD8NB0/igS19BHI=; b=ORPupAMJ2NXzfoswlNfYTNh7872XyoYr3aKY8hFQlb+C4QXJOGXp20ZpPERHp7jiaN ULXIhMqKABjAa3RLDtNOKvFc9Nt7EEKH4IHphh95FBzJZW3thrYgBQIDjPddOegJ5Vn9 weWZKsPyniLYuZHsyJQl3CUdQNlKXLUOnHMLWBIHiv9zCxcn3RGPP5sVVskoja2gUYGc /VPjX2hAUx+dY2EiC5WY4qRCLBrP2tz47nARnxUY/PuMxZ5xMc0BR8dLAmFsMjxXOlxr q4PUQg8ZOxoIu3UNQvGHaZBMnegMTuqXGOzwkFzHKB5YPYfgbhfNS+MkQYl5VW/PB2O/ 3whg==
X-Received: by 10.194.189.82 with SMTP id gg18mr31313934wjc.2.1412610811560; Mon, 06 Oct 2014 08:53:31 -0700 (PDT)
Received: from yoavs-mbp.mshome.net ([95.35.51.128]) by mx.google.com with ESMTPSA id ma8sm17679820wjb.46.2014.10.06.08.53.29 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 06 Oct 2014 08:53:31 -0700 (PDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <CACsn0cnHDc6_jWf1mXc5kQgj5XEc6dBBZa7K8D2=4uLti5e3aA@mail.gmail.com>
Date: Mon, 06 Oct 2014 18:53:25 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <3EE5AEA5-3ADE-4D67-AC51-478074349D1B@gmail.com>
References: <CACsn0cnHDc6_jWf1mXc5kQgj5XEc6dBBZa7K8D2=4uLti5e3aA@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/mvanDZ9hsUS3v_F0pf-501Kid0o
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] When's the decision?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Oct 2014 15:53:35 -0000

Hi Watson.

Just to be clear, you’re referring to the curve decision, right?  Because the WG is also discussing ChaCha, hash signatures and (supposedly) Dragonfly.

I think the conversation about the new curves has dried up, so it’s up to the chairs to call consensus if they can. If it were up to me, I would say that there’s very little separating the different proposals, especially for the ~128-bit strength, meaning that whichever one gets chosen is likely to be accepted (no “Oh, my, you got this so wrong! How could you!  Don’t you care about the kittens?”)  The differences in performance are small enough to not matter, and I don’t think anyone thinks that any of the proposals has some hidden weakness in the carefully chosen parameters.

So with implementer hat on, I’ll quietly wait CFRG to make the decision, and for AGL or DJB or one of the others who know how to write this kind of code securely to contribute code to OpenSSL, and then I’ll happily copy the code from there. If the wrong choice either (a) made my session rate 20% smaller or (b) made me stay up all night delivering security hotfixes, I’d feel strongly about this choice. As it is, I (and I’m sure some others on this list) don’t think it matters that much. They’re all good enough.

Yoav

On Oct 6, 2014, at 6:26 PM, Watson Ladd <watsonbladd@gmail.com> wrote:

> Dear all,
> We were promised on July 27 a process running for 6 weeks. Doubling I
> get 12 weeks, which is three months, of which two (August, September)
> have already gone. Am I correct in supposing that we're on track for a
> decision by Halloween?
> 
> If we aren't, what remaining issues need to be addressed/when can we
> expect a decision?
> 
> Sincerely,
> Watson Ladd
> 
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg