Re: [Cfrg] Point format endian (was: Adoption of draft-ladd-spake2 as a RG document)

"Dan Harkins" <> Sun, 25 January 2015 17:48 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id A9A9D1A873B for <>; Sun, 25 Jan 2015 09:48:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.968
X-Spam-Status: No, score=-1.968 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mrAjcKITp__6 for <>; Sun, 25 Jan 2015 09:48:14 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 38ABC1A8739 for <>; Sun, 25 Jan 2015 09:48:14 -0800 (PST)
Received: from (localhost []) by (Postfix) with ESMTP id C386110224008 for <>; Sun, 25 Jan 2015 09:48:13 -0800 (PST)
Received: from (SquirrelMail authenticated user by with HTTP; Sun, 25 Jan 2015 09:48:14 -0800 (PST)
Message-ID: <>
In-Reply-To: <>
References: <>
Date: Sun, 25 Jan 2015 09:48:14 -0800
From: Dan Harkins <>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: <>
Subject: Re: [Cfrg] Point format endian (was: Adoption of draft-ladd-spake2 as a RG document)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 25 Jan 2015 17:48:15 -0000

On Sun, January 25, 2015 12:30 am, D. J. Bernstein wrote:
>> a long-standing tradition of the on-the-wire format
> Just to make sure that I understand, after reviewing a ton of tcpdump
> output: You're referring to the HTTP tradition of variable-length ASCII
> decimal encodings for integers on the wire (cache times, data lengths,
> version numbers, etc.)? Does this mean that IETF pushed this HTTP
> tradition into AES-GCM's internal integer encodings before deploying
> AES-GCM, and plans to do the same for other cryptographic systems?

  No, you could not be more wrong in that assumption.

>> better looking and more maintainable code
> You're absolutely right: being able to reuse existing variable-length
> ASCII decimal integer encoders and decoders has always been a critical
> part, I daresay the most important part, of implementing, reading,
> auditing, and maintaining cryptographic software. RFC 1321 (MD5) got
> this totally wrong---the integers are _backwards_ and _non-decimal_ and
> _non-ASCII_---and we all know what happened to MD5 as a result.
> Now that you've reminded me of what really matters for cryptographic
> code complexity and security, I would love to put together an ASCII
> decimal version of Curve25519, but I have to admit that I'm not
> _completely_ clear on the details of the HTTP tradition that you're
> talking about. For example, are leading zeros allowed? This would allow
> simpler integer encoding for some embedded systems, but it would cause
> trouble for existing parsers that switch to octal for a leading 0, such
> as base-0 strtol(). Also, can the integers exceed 2147483647?

  Do you want to be taken seriously when you respond like this?