Re: [Cfrg] On "non-NIST"
Phillip Hallam-Baker <phill@hallambaker.com> Sat, 28 February 2015 16:02 UTC
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Date: Sat, 28 Feb 2015 11:02:17 -0500
Message-ID: <CAMm+LwiL8NEPMXBZt3yba+d1vDy6tfnkj+AH1m372yvSWgXJ_Q@mail.gmail.com>
In-Reply-To: <BE305B0B-80D2-48C6-ACE6-6F6544A04D69@vpnc.org>
References: <9A043F3CF02CD34C8E74AC1594475C73AAF91123@uxcn10-5.UoA.auckland.ac.nz> <BE305B0B-80D2-48C6-ACE6-6F6544A04D69@vpnc.org>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/pquP9HCPPr4FjIt7-b1wGpQeFJ8>
On Sat, Feb 28, 2015 at 10:41 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> On Feb 28, 2015, at 12:59 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
>
>> Paul Hoffman <paul.hoffman@vpnc.org> writes:
>>
>>> The term "non-NIST" is predictive, and the crypto community kinda sucks at
>>> predictions. We have no idea what NIST will do in the future if a bunch of
>>> IETF WGs adopt specific elliptic curves that are not P256/P384.
>>
>> Why is NIST seen as the ultimate arbiter of what's appropriate though?
>
> Not "the", but "an". The reason is that NIST controls what can and cannot
> be given a FIPS-140 certification, and that certification is considered
> important both by companies who want to sell to the US Govt and companies
> that use their certification as a statement that "we did it right". If you
> make an HSM that uses an algorithm not allowed by NIST, you cannot get it
> certified in the CMVP regime. Thus, when NIST is slow to keep up with the
> best practices adopted by the community, it becomes a roadblock to
> deploying better crypto.

That overstates it. I need my HSMs validated by some independent party. NIST has an existing, widely respected infrastructure. The fact that NIST certification is necessary for US govt use is not the issue here.

We need someone to do the work; there is a limited number of parties with the resources, skills and authority to do the job. If NIST is not going to do the job then we would need to find someone else. That is not impossible, but NIST is the default.

So the practical upshot here is that NIST is a stakeholder because we would like their help. They are also a standards body in their own right (though not a multi-stakeholder one). So it would be even more helpful if they gave an indication that the new curves are at least equally acceptable as the old for US govt. work.

NIST is a stakeholder here. They are not the only one, but they are one of the few stakeholders that is likely to have a strong opinion. If NIST or Microsoft or Google was to say that they cared a really great deal about P448 or P521, then that should in my view carry rather more weight than a bunch of folk with either a mild preference for one or the other.