Re: [Cfrg] generic curves ... RE: big-endian short-Weierstrass please

Kurt Roeckx <kurt@roeckx.be> Tue, 03 February 2015 18:28 UTC

Date: Tue, 03 Feb 2015 19:27:59 +0100
From: Kurt Roeckx <kurt@roeckx.be>
To: Watson Ladd <watsonbladd@gmail.com>
Message-ID: <20150203182759.GD28380@roeckx.be>
References: <810C31990B57ED40B2062BA10D43FBF5D45067@XMB116CNC.rim.net> <20150202222918.GA13720@roeckx.be> <CACsn0ckZcxB863Jba_KO4AAM4UTurR3Y0+8EQZ6GMVGwpzh-ww@mail.gmail.com>
In-Reply-To: <CACsn0ckZcxB863Jba_KO4AAM4UTurR3Y0+8EQZ6GMVGwpzh-ww@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/ph6vpcK0rWJT1c85BArrgkAHWpE>
Cc: Dan Brown <dbrown@certicom.com>, "cfrg@irtf.org" <cfrg@irtf.org>

On Tue, Feb 03, 2015 at 08:50:43AM -0800, Watson Ladd wrote:
> On Mon, Feb 2, 2015 at 2:29 PM, Kurt Roeckx <kurt@roeckx.be> wrote:
> > On Thu, Jan 29, 2015 at 10:09:18PM +0000, Dan Brown wrote:
> >> New thread name ... should have done so earlier.
> >>
> >> When TLS asked CFRG for new curves, I didn't interpret that to mean that
> >> generic curves would be banned. Banishing generic curves adds slightly more
> >> weight to the TLS request, because users cannot easily opt out of the chosen
> >> few elite curves.
> >
> > If it's unclear what the TLS WG wants exactly, maybe it's best to
> > ask them?
> >
> > My understanding is that they want fixed named curves.
> 
> Let me get this right:
> 
> There are no security concerns with Curve25519.
> 
> For the entire 12 months we've been piddling away, we could have
> written Curve25519 in Weierstrass form, and the TLS specification
> would already have included it as an option.

Is there a consensus that Weierstrass is the way to go for
curve25519?  Why not Montgomery?  As far as I know the current
draft has Montgomery in it and it seems to make more sense to me.


Kurt