Re: [Cfrg] Curve manipulation, revisited

Paul Hoffman <paul.hoffman@vpnc.org> Tue, 30 December 2014 17:34 UTC

Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <CAHOTMV+jO+8pvU4-McPb+t-4=0jp0-5Gg-3Psis+zZ-FRu-R3w@mail.gmail.com>
Date: Tue, 30 Dec 2014 09:33:56 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <FA87F77E-5709-4F4D-858E-A98F390283AB@vpnc.org>
References: <CAMfhd9W684XMmXn3ueDmwrsQ_ZdiFG+VqYLxkvs7qDwiJdpk6w@mail.gmail.com> <1725646678.805875.1419539885135.JavaMail.yahoo@jws100115.mail.ne1.yahoo.com> <CAMfhd9Ua5fFZk46Xx1AN2VgyJ=Yng6fnO8aN-_ZfzXQn0Xbxhg@mail.gmail.com> <CA+Vbu7zqFcu8d1053mZ_eEm0q=np6T3snSQ4rfY0k1-4hBVDsA@mail.gmail.com> <CAHOTMV+jO+8pvU4-McPb+t-4=0jp0-5Gg-3Psis+zZ-FRu-R3w@mail.gmail.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/tSezTRrHlnwYYD32jbd4Vd5LLkw
Subject: Re: [Cfrg] Curve manipulation, revisited
Precedence: list

On Dec 29, 2014, at 6:52 PM, Tony Arcieri <bascule@gmail.com> wrote:
> I think you can avoid this slippery slope by the CFRG recommending Curve25519 as one of potentially many curves at a 128-bit security level, for now, as an interim solution, simply to avoid the current situation of apparent infinite deadlock.

No, please no. An "interim solution" signature algorithm is stillborn. Few people would want to take the operational effort to create *and maintain* keys for an interim solution when the current solution (P256) is good enough.

If the CFRG cannot come to an agreement on a curve, a signature algorithm, and the necessary format additions, for 128-strength ECC, it should tell the IETF so as soon as possible. Stretching this out with interim values and half-solutions will be worse than claiming defeat.

--Paul Hoffman

[Cfrg] Curve manipulation, revisited D. J. Bernstein
Re: [Cfrg] Curve manipulation, revisited Adam Langley
Re: [Cfrg] Curve manipulation, revisited Watson Ladd
Re: [Cfrg] Curve manipulation, revisited David Gil
Re: [Cfrg] Curve manipulation, revisited Adam Langley
Re: [Cfrg] Curve manipulation, revisited Salz, Rich
Re: [Cfrg] Curve manipulation, revisited David Gil
Re: [Cfrg] Curve manipulation, revisited Adam Langley
Re: [Cfrg] Curve manipulation, revisited David Gil
Re: [Cfrg] Curve manipulation, revisited Adam Langley
Re: [Cfrg] Curve manipulation, revisited Benjamin Black
Re: [Cfrg] Curve manipulation, revisited Alyssa Rowan
Re: [Cfrg] Curve manipulation, revisited Salz, Rich
Re: [Cfrg] Curve manipulation, revisited Adam Langley
Re: [Cfrg] Curve manipulation, revisited Watson Ladd
Re: [Cfrg] Curve manipulation, revisited Yoav Nir
Re: [Cfrg] Curve manipulation, revisited Benjamin Black
Re: [Cfrg] Curve manipulation, revisited Benjamin Black
Re: [Cfrg] Curve manipulation, revisited Salz, Rich
Re: [Cfrg] Curve manipulation, revisited Michael Hamburg
Re: [Cfrg] Curve manipulation, revisited Yoav Nir
Re: [Cfrg] Curve manipulation, revisited Salz, Rich
Re: [Cfrg] Curve manipulation, revisited Benjamin Black
Re: [Cfrg] Curve manipulation, revisited Benjamin Black
Re: [Cfrg] Curve manipulation, revisited Salz, Rich
Re: [Cfrg] Curve manipulation, revisited Watson Ladd
Re: [Cfrg] Curve manipulation, revisited Yoav Nir
Re: [Cfrg] Curve manipulation, revisited Watson Ladd
Re: [Cfrg] Curve manipulation, revisited Benjamin Black
Re: [Cfrg] Curve manipulation, revisited Mike Hamburg
Re: [Cfrg] Curve manipulation, revisited Benjamin Black
Re: [Cfrg] Curve manipulation, revisited Rob Stradling
Re: [Cfrg] Curve manipulation, revisited Salz, Rich
Re: [Cfrg] Curve manipulation, revisited Benjamin Black
Re: [Cfrg] Curve manipulation, revisited Tony Arcieri
Re: [Cfrg] Curve manipulation, revisited Adam Langley
Re: [Cfrg] Curve manipulation, revisited Rob Stradling
Re: [Cfrg] Curve manipulation, revisited Watson Ladd
Re: [Cfrg] Curve manipulation, revisited Salz, Rich
Re: [Cfrg] Curve manipulation, revisited Paul Hoffman
Re: [Cfrg] Curve manipulation, revisited Nico Williams
Re: [Cfrg] Curve manipulation, revisited Watson Ladd
Re: [Cfrg] Curve manipulation, revisited Salz, Rich
Re: [Cfrg] Curve manipulation, revisited Paul Hoffman
Re: [Cfrg] Curve manipulation, revisited Alyssa Rowan
Re: [Cfrg] Curve manipulation, revisited Peter Dettman
Re: [Cfrg] Curve manipulation, revisited Harry Halpin
Re: [Cfrg] Curve manipulation, revisited Michael Hamburg
Re: [Cfrg] Curve manipulation, revisited Peter Dettman