Re: [Cfrg] Requirements for curve candidate evaluation update

Benjamin Black <b@b3k.us> Thu, 14 August 2014 03:49 UTC

Return-Path: <b@b3k.us>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34B951A0060 for <cfrg@ietfa.amsl.com>; Wed, 13 Aug 2014 20:49:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n3lAzRiaGs1a for <cfrg@ietfa.amsl.com>; Wed, 13 Aug 2014 20:49:19 -0700 (PDT)
Received: from mail-wi0-f179.google.com (mail-wi0-f179.google.com [209.85.212.179]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13FBF1A0040 for <cfrg@ietf.org>; Wed, 13 Aug 2014 20:49:18 -0700 (PDT)
Received: by mail-wi0-f179.google.com with SMTP id f8so1676851wiw.6 for <cfrg@ietf.org>; Wed, 13 Aug 2014 20:49:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=etI+eOjGZ0v0BcgWaqx8OGRo+XVzwNAyVOEfKJaH/MI=; b=KZoIXKEQlcbF1JN2GD5L3nSbnEJuxRU2p8cqk3fPvj6Wq/uC3nRlE97gefbph6CSzz /JKrZQu+pw1rRKD2wOBzY1v0wJv0wq5s+irzhdwD4U0570Fr8AwWUOqbxC/KMpQKzwzk fPYWQIGW6RJB0PtZKemM+AMxWTW4l8/cyX67wpY9nXSn64+KBNICneOsIv+W3RCjeR/h BKbY/XMAolVbWZAwLloaNXJibZrLHl/DdTf9SUtL+xz6JemDlDyrY0W5W2s3FyxWhM6N DOa0LUMHGTj4sal9qGGtLGOKNeaYBQg2nuea3kvfCDMecg/PXRIlDprR0QIY7R4BYu5O zqUA==
X-Gm-Message-State: ALoCoQkiBTz+75Wlww4mRLsTkMKStyZQDMNswTgRLPARREkpqaV/PkQqs04uh1zGDgfskIuCkP6Y
X-Received: by 10.180.185.228 with SMTP id ff4mr8842748wic.76.1407988157631; Wed, 13 Aug 2014 20:49:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.44.138 with HTTP; Wed, 13 Aug 2014 20:48:57 -0700 (PDT)
In-Reply-To: <CAMm+Lwg8EZ-MWN4hKxzN+g5L9-GjgEGV49NqYNEnK=34qrkb+w@mail.gmail.com>
References: <CA+Vbu7wuAcmtAKJYEgAaSBTf6sj8pRfYpJhz2qV_ER=33mrk8Q@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7185A0C8CEB@USMBX1.msg.corp.akamai.com> <CA+Vbu7zfbx-OqU=ggXgutDb+GNwvS3QpkTwzU1c+2Lcv=3Gawg@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7185A0C9094@USMBX1.msg.corp.akamai.com> <CAMm+Lwg8EZ-MWN4hKxzN+g5L9-GjgEGV49NqYNEnK=34qrkb+w@mail.gmail.com>
From: Benjamin Black <b@b3k.us>
Date: Wed, 13 Aug 2014 20:48:57 -0700
Message-ID: <CA+Vbu7xejfMS5eDHo5f1BRD0Q3-owBGsq3fdPPhmnM1-Dddvgw@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Content-Type: multipart/alternative; boundary=001a11c35056fbea3805008ec989
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/sbiTvdCPvODgF_akBsOZ2uWnO3c
Cc: "cfrg@ietf.org" <cfrg@ietf.org>
Subject: Re: [Cfrg] Requirements for curve candidate evaluation update
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Aug 2014 03:49:21 -0000

"You might think you are going to share the sign and decrypt code but I
bet you won't."

Using the same scalar multiplication code for kx and signatures is the
norm.


On Wed, Aug 13, 2014 at 7:42 PM, Phillip Hallam-Baker <phill@hallambaker.com
> wrote:

> +1
>
> To be clear, I am arguing that we put HSM support way ahead of a
> single model. HSM support is essential, a single model is someone's
> idea of tidiness.
>
> You might think you are going to share the sign and decrypt code but I
> bet you won't.
>
>
> On Wed, Aug 13, 2014 at 10:34 PM, Salz, Rich <rsalz@akamai.com> wrote:
> >> Requiring a single model for everything significantly reduces
> opportunities for mistakes and the small performance gain of multiple
> models does not justify requiring the additional exposure.
> >
> > That's a value judgement, and different people will come to different
> conclusions. It's certainly not an axiomatic principle. And when I see it
> put forth like that, I instantly get suspicious of the people doing that.
>  FWIW.
> >
> > To me, it's trading off "this is hard, and some people will get it
> wrong" -- when the community of people doing it is maybe a few hundred,
> certainly under 1K -- compared to zillions of devices in the web of things
> for the next couple of decades.
> >
> >         /r$
> >
> > --
> > Principal Security Engineer
> > Akamai Technologies, Cambridge MA
> > IM: rsalz@jabber.me Twitter: RichSalz
> >
> >
> > _______________________________________________
> > Cfrg mailing list
> > Cfrg@irtf.org
> > http://www.irtf.org/mailman/listinfo/cfrg
>