IETF Logo Mail Archive

Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)

Simon Josefsson <simon@josefsson.org> Mon, 16 February 2015 09:30 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7E541A1A9A for <cfrg@ietfa.amsl.com>; Mon, 16 Feb 2015 01:30:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OaFdYGRL52-O for <cfrg@ietfa.amsl.com>; Mon, 16 Feb 2015 01:30:06 -0800 (PST)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EB1A1A1A98 for <cfrg@irtf.org>; Mon, 16 Feb 2015 01:30:05 -0800 (PST)
Received: from latte.josefsson.org ([IPv6:2001:16d8:cca1:0:2999:8dd0:70ed:36a2]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id t1G9TtAl000536 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 16 Feb 2015 10:29:56 +0100
From: Simon Josefsson <simon@josefsson.org>
To: Alexey Melnikov <alexey.melnikov@isode.com>
References: <54D9E2E3.4080402@isode.com>
OpenPGP: id=54265E8C; url=http://josefsson.org/54265e8c.txt
X-Hashcash: 1:22:150216:cfrg@irtf.org::uX6ju5TRqyL1y+v7:3Tk+
X-Hashcash: 1:22:150216:alexey.melnikov@isode.com::Mod7WQLMiRFu3nmB:0HT+M
Date: Mon, 16 Feb 2015 10:29:54 +0100
In-Reply-To: <54D9E2E3.4080402@isode.com> (Alexey Melnikov's message of "Tue, 10 Feb 2015 10:52:19 +0000")
Message-ID: <874mqmryp9.fsf@latte.josefsson.org>
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.5 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/qKalxgjef-KimtukhQagcejieBQ>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Feb 2015 09:30:08 -0000

Alexey Melnikov <alexey.melnikov@isode.com> writes:

> CFRG chairs are starting a poll, containing 2 initial questions:
>
> Q1: Should CFRG recommend a curve at the 192-bit security level?

No.

> Q2: Should CFRG recommend a curve at the 256-bit security level?

No.

Rationale: going beyond 2^128 work factor (which I assume is what is
meant here -- talking about bit-level security is not particulary well
defined) is harmful for security as it introduces complexity and I have
seen no technical or scientifical justification for that complexity.

/Simon

> Answering Yes/No to each of these would suffice.
>
> Once this first set of issues is resolved, we will move to choices of prime
> at the selected security level(s), if any. After that we will be
> discussing implementation specifics and coordinate systems for
> Diffie-Hellman. We will then make decisions on signature schemes.
> Please don't discuss any of these future topics at this time.
>

v2.23.0 | Report a Bug | By Email