Re: [Cfrg] Elliptic Curves - poll on specific curve around 256bit work factor (ends on February 23rd)
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 20 February 2015 19:50 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 214961A8984 for <cfrg@ietfa.amsl.com>; Fri, 20 Feb 2015 11:50:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.134
X-Spam-Level:
X-Spam-Status: No, score=0.134 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, SPF_PASS=-0.001, T_MONEY_PERCENT=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VDbpS4cJ5u3s for <cfrg@ietfa.amsl.com>; Fri, 20 Feb 2015 11:50:50 -0800 (PST)
Received: from mail-lb0-x22e.google.com (mail-lb0-x22e.google.com [IPv6:2a00:1450:4010:c04::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0EFC1A88F6 for <cfrg@irtf.org>; Fri, 20 Feb 2015 11:50:49 -0800 (PST)
Received: by lbvn10 with SMTP id n10so8390240lbv.6 for <cfrg@irtf.org>; Fri, 20 Feb 2015 11:50:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=WeRgNJPht/I94R9uxxVZ7UUw+jFhiIaHxavgTyejfus=; b=RF7UeFWO3MYjBrSclX9c8wsooCUdbIvM/KOSJBPaOuMoCxck6a8pmbG8UCTFljupwp sPG6x59t/A7WxujXccfhV4ZKbfTkA5wLCfUr/SOc924hcXKJ6uN99K27QtVXki9DWKrb FjN86gUgjZnl/u41PeTfHe0/Nt4bxak2lN8XORMbKYqIiUhoDTRtcBKtyasVrK+bjD7r 4oDPBdCdLnXpUVF4UY1FmqSQ4R5IHCFPhT18G6rLJLTzo0iBlOOaUVXBsa7RO8lzIZkh t7ZZaA4KPww+dtVTVoNqrIpYbk5XCavbxR9jSIQqSi4YpXC36efs8dAz84Vd1mGD8jUA rIBA==
MIME-Version: 1.0
X-Received: by 10.112.134.106 with SMTP id pj10mr10269629lbb.58.1424461848157; Fri, 20 Feb 2015 11:50:48 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.113.3.165 with HTTP; Fri, 20 Feb 2015 11:50:48 -0800 (PST)
In-Reply-To: <CACsn0c=eqcXm+ir75Qm9PvP5QhdZf_kfVYn2sE-mcHwNtqbP7A@mail.gmail.com>
References: <54E46EA4.9010002@isode.com> <CAHOTMVKCD+DK6QbSuy8R63FVnu_WBNmwMvByqicx=sK6_k63HQ@mail.gmail.com> <D10CAF3B.3F266%kenny.paterson@rhul.ac.uk> <CAMm+Lwhj9H_NK22QbTB7=EFd7GBg0WprwRMN8RxH3+7r_buf7g@mail.gmail.com> <CACsn0c=eqcXm+ir75Qm9PvP5QhdZf_kfVYn2sE-mcHwNtqbP7A@mail.gmail.com>
Date: Fri, 20 Feb 2015 14:50:48 -0500
X-Google-Sender-Auth: 5lgNiAaODBHJDdjOAx-p6NoOreU
Message-ID: <CAMm+LwjU_c=Oh7uebV3XS1XuD6bAuNGSzFW16uqh9-nQM7n98g@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary="047d7b3a8ac874a636050f8a5ed8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/o0QennLXQ9Z94Kx4jpRFS4Z8MAM>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Elliptic Curves - poll on specific curve around 256bit work factor (ends on February 23rd)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Feb 2015 19:50:52 -0000
On Fri, Feb 20, 2015 at 1:17 PM, Watson Ladd <watsonbladd@gmail.com> wrote: > > On Feb 20, 2015 9:21 AM, "Phillip Hallam-Baker" <phill@hallambaker.com> > wrote: > > > Well maybe if we had discussed it first. As it is your poll completely > mis-states the reasons people prefer 512 over 521. Which rather undercuts > the whole process. > > We've been discussing these issues for nearly a full year. You've had and > taken ample opportunity to explain why you don't like E-521, and the fact > that no one else is convinced has a lot to do with the strength of your > arguments. > You are entitled to your opinion but it is far from the case that everyone here sees things as you do. Even if my opinion was wrong, the chairs should not misrepresent them. > The way I would do this is as a Quaker poll asking people what their > preferred outcome is and what they can live with on 448, 480, 512 and 521. > > > > 448 - No > > 480 - Acceptable > > 512 - Preferred > > 521 - No > > > > This is meant to be a consensus process and we should be using consensus > seeking tools wherever possible. Votes for the best outcome are not the > best way to come to consensus. > > No, it's about using our expertise to make the right decision. If your > arguments are wrong, don't expect us to pay attention. > If the issue was expertise in mathematics then it would be a simple choice. The question is not down to that type expertise, it is which set of criteria are considered to be important. And there experience is rather more relevant than expertise in the specific branch of math. You think that performance should be the criteria. In the twenty years since I was a grad student the performance of computers has doubled every 18 months or so. I am writing this on a computer that has more computing power than the fastest supercomputer available only ten years ago, cost less than $10,000 and plugs into a regular wall socket. I don't actually care very much about the specific outcome here. What is important to me is whether the outcome is backed by 10%, 50% or 90% of the industry. And that in turn depends first and foremost on the litigation cost associated with the new algorithm and next to that the ease with which we can convince people that there is nothing odd about the choice. So I am far more concerned about process than outcome here. How long we spend arguing is much less important to me than the risk we have to do it all again soon. The litigation risk has no bearing on 512 or 521 but it is going to have a big bearing on the choice of curve. More than one of us is going to have to eventually have to explain all of this stuff to lawyers at $400/hr per person involved and up. The cost of moving to ECC is going to largely depend on the length of time those conversations take.
- [Cfrg] Elliptic Curves - poll on specific curve a… Alexey Melnikov
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Aaron Zauner
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Dan Harkins
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Stephen Farrell
- Re: [Cfrg] Elliptic Curves - poll on specific cur… James Cloos
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Jon Callas
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Mike Hamburg
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Adam Langley
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Jon Callas
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Russ Housley
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Watson Ladd
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Watson Ladd
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Jon Callas
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Damien Miller
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Damien Miller
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Watson Ladd
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Michael Scott
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Torsten Schuetze
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Aaron Zauner
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Kurt Roeckx
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Andrey Jivsov
- [Cfrg] network traffic D. J. Bernstein
- Re: [Cfrg] network traffic Kurt Roeckx
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Simon Josefsson
- Re: [Cfrg] network traffic RONDEPIERRE Franck
- Re: [Cfrg] network traffic David Jacobson
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Damien Miller
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Michael Hamburg
- Re: [Cfrg] network traffic Kurt Roeckx
- Re: [Cfrg] Elliptic Curves - poll on specific cur… _MiW