Re: [Cfrg] Editing work on github of draft-ladd-safecurves - References

Watson Ladd <watsonbladd@gmail.com> Mon, 13 January 2014 00:02 UTC

In-Reply-To: <52D3299B.4040904@elzevir.fr>
References: <52D2CA41.4040509@KingsMountain.com> <52D3299B.4040904@elzevir.fr>
Date: Sun, 12 Jan 2014 16:02:38 -0800
Message-ID: <CACsn0cnZSX7zVTJMZxFRKzbCWQ80sBuBbrDJTYPmLvK-iHZfsQ@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Manuel Pégourié-Gonnard <mpg@elzevir.fr>
Cc: IRTF Crypto Forum Research Group <cfrg@irtf.org>
Subject: Re: [Cfrg] Editing work on github of draft-ladd-safecurves - References

On Sun, Jan 12, 2014 at 3:47 PM, Manuel Pégourié-Gonnard <mpg@elzevir.fr> wrote:
> On 12/01/2014 18:00, =JeffH wrote:
>>  > some
>>  > people want something à la RFC 6090, while I want to avoid massive
>>  > bloat with implementation details that anyone implementing this draft
>>  > probably knows anyway.
>>
>> Perhaps citing RFC 6090 as appropriate would allay those concerns?
>>
> RFC 6090 is about curves in short Weierstrass form, which the curves from the
> draft are not. (Of course you could convert them to short Weierstrass, but that
> would not be a good idea.)

I'm sure someone out there will do it, even though I've given them all
the details of better multiplication algorithms in the github draft. It
would be a clever way to reintroduce weaknesses that the current curve
shapes avoid, and if you don't give your customers the source, they
would never know.

RFC 6090 was also published to avoid Certicom IPR and document
algorithms that were unpatented. But with Montgomery curves there is
none of that: the necessary formulas appear in a paper published in 1985.

Anyway, if you think we need more implementor guidance, feel free to
send me a diff. In about a week this should stabilize enough to be the
basis for more IETF/IRTF actions, like getting the OIDs.

Sincerely,
Watson


>
> Manuel.
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
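
The x-only Montgomery ladder that the message above refers to, as an added worked example that is not part of the thread or of draft-ladd-safecurves: the X25519 function below is written from the RFC 7748 description of the ladder, with the RFC 7748 section 6.1 Diffie-Hellman vectors used to check it. The point it illustrates is the one Watson and Manuel are making: every iteration of the ladder performs the same field operations regardless of the scalar, and the key bit only drives a branch-free conditional swap, which is what a naive double-and-add on a short Weierstrass conversion gives up. Python's big integers are not themselves constant-time, so this shows the algorithmic structure, not a side-channel-safe implementation; the function names are this example's own.

```python
# Added example (not from the thread): the Montgomery ladder for X25519,
# written from the RFC 7748 description. Constants and test vectors are
# from RFC 7748; function names are this example's own.

P = 2**255 - 19          # field prime for Curve25519
A24 = 121665             # (A - 2) / 4 for the curve constant A = 486662
BASEPOINT = (9).to_bytes(32, "little")   # u = 9, encoded as 32 little-endian bytes


def decode_scalar(k: bytes) -> int:
    """Clamp a 32-byte private key as RFC 7748 section 5 requires."""
    k = bytearray(k)
    k[0] &= 248          # clear the low 3 bits: the scalar is a multiple of the cofactor 8
    k[31] &= 127         # clear bit 255
    k[31] |= 64          # set bit 254 so every scalar has the same bit length
    return int.from_bytes(k, "little")


def decode_u(u: bytes) -> int:
    """Decode a 32-byte u-coordinate, masking the unused top bit."""
    u = bytearray(u)
    u[31] &= 127
    return int.from_bytes(u, "little")


def encode_u(u: int) -> bytes:
    return (u % P).to_bytes(32, "little")


def cswap(swap: int, a: int, b: int):
    """Branch-free conditional swap: swap is 0 or 1 and is never used in an `if`."""
    mask = -swap                 # 0, or an all-ones mask when swap == 1
    t = mask & (a ^ b)
    return a ^ t, b ^ t


def x25519(k_bytes: bytes, u_bytes: bytes) -> bytes:
    """Scalar multiplication on the u-line of Curve25519 via Montgomery's ladder."""
    k = decode_scalar(k_bytes)
    x1 = decode_u(u_bytes) % P
    x2, z2 = 1, 0            # R0 = point at infinity (projective x/z)
    x3, z3 = x1, 1           # R1 = the input point
    swap = 0
    # Each of the 255 iterations executes exactly the same field operations;
    # the scalar bit only decides which of (R0, R1) plays which role via cswap.
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = cswap(swap, x2, x3)
        z2, z3 = cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) * (da + cb) % P          # differential addition
        z3 = x1 * ((da - cb) * (da - cb)) % P
        x2 = aa * bb % P                        # doubling
        z2 = e * (aa + A24 * e) % P
    x2, x3 = cswap(swap, x2, x3)
    z2, z3 = cswap(swap, z2, z3)
    return encode_u(x2 * pow(z2, P - 2, P) % P)   # a single inversion at the end


# Test vectors from RFC 7748 section 6.1.
ALICE_SK = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PK = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
BOB_SK = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
BOB_PK = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")


def dh_check() -> bool:
    """Derive both public keys from the base point and confirm the shared secret agrees."""
    return (x25519(ALICE_SK, BASEPOINT) == ALICE_PK
            and x25519(BOB_SK, BASEPOINT) == BOB_PK
            and x25519(ALICE_SK, BOB_PK) == SHARED
            and x25519(BOB_SK, ALICE_PK) == SHARED)


if __name__ == "__main__":
    print("RFC 7748 section 6.1 vectors:", "ok" if dh_check() else "MISMATCH")
```

Run it directly to check the vectors. The ladder never needs the y-coordinate, never hits an exceptional case for the input points X25519 accepts, and does one field inversion per scalar multiplication; a generic affine Weierstrass double-and-add needs an inversion per step and a branch per key bit, which is where the implementation-dependent weaknesses Watson mentions creep back in.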