Re: [Cfrg] [TLS] Unwarrented change to point formats

Eric Rescorla <ekr@rtfm.com> Sun, 27 July 2014 21:37 UTC

On Sun, Jul 27, 2014 at 1:39 PM, Watson Ladd <watsonbladd@gmail.com> wrote:

> On Sun, Jul 27, 2014 at 1:26 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>
> > To take a specific set of cases. TLS has three major uses for public key
> > crypto of this type:
> >
> > - Key establishment
> > - Digital signatures over handshake messages (ServerKeyExchange,
> >   CertificateVerify, etc.)
> > - Digital signatures over certificates.
> >
> > It seems likely that key establishment shares common requirements for
> > multiple protocols. Similarly, it would be quite convenient if the
> > signatures used in TLS were the same as those used for the certificates
> > used for TLS, even though the latter are not defined in TLS. So, when I
> > say an IETF-wide set of recommendations that's the kind of thing I mean.
> >
> > I wasn't aware that any of this was particularly controversial.
>
> You had a draft in hand, got a reply that "yeah, looks good", and then
> went back to ask for a completely different design process, for reasons
> never discussed. It's the second round that's confusing me.
>

This does not match my understanding of the history.

Rather, here's my memory:

1. We asked the CFRG for a recommendation.

2. The CFRG held an interim discussion where a lot of good things
were said about Curve25519 but the CFRG never made a recommendation
to the TLS WG, but instead said it would come back and make
a recommendation.

3. The TLS Chairs sent the CFRG chairs a written request to make
such a recommendation (my memory is that they actually asked us
to write something down, but I don't immediately see it in my mail.)

Which brings us to the current process being run in CFRG.

-Ekr