Re: [Cfrg] Actual security levels for IETF crypto
Watson Ladd <watsonbladd@gmail.com> Fri, 31 October 2014 14:43 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CC4E1A9040 for <cfrg@ietfa.amsl.com>; Fri, 31 Oct 2014 07:43:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mASx3eo7L4Ys for <cfrg@ietfa.amsl.com>; Fri, 31 Oct 2014 07:43:07 -0700 (PDT)
Received: from mail-yh0-x231.google.com (mail-yh0-x231.google.com [IPv6:2607:f8b0:4002:c01::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE8841A9028 for <cfrg@irtf.org>; Fri, 31 Oct 2014 07:43:06 -0700 (PDT)
Received: by mail-yh0-f49.google.com with SMTP id t59so2692804yho.8 for <cfrg@irtf.org>; Fri, 31 Oct 2014 07:43:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=Bbr0mdfULXu/43jPoEDnyW9vE/GlU0/q5KNPJrgXpyg=; b=vCK9SJATptwRfmR2fuZ0r+FhQr34vaDhVfgPcEoEZC2Q4Gw29xLqtrEWgMRmqgK2jj 1qNC23ms5t7egvznG0zpNaV7n4W6VXJdKK1mNrdgZYHk1CeAQ+uA7UgPFPKdmYeF7/jT /9L9kawrJgp1nGgLdxfRBpru0QsZ8ig3xMro40dc4ioTLVn4YN73deZR+r3y7UQ8BBzd fsNpx7tbPhn/qMealYwyRhTl598YZAF+wEyOFCn/7hVrlN9kVbYU09ShykaT1n5NCfQq xQISLFKXfugEP1urFXZaNSbgHod3KDZZMZY/9AuhabgASgKDQ0p7oE7J/R6vWlS88ube JZVA==
MIME-Version: 1.0
X-Received: by 10.170.207.141 with SMTP id y135mr24755286yke.28.1414766586037; Fri, 31 Oct 2014 07:43:06 -0700 (PDT)
Received: by 10.170.195.149 with HTTP; Fri, 31 Oct 2014 07:43:05 -0700 (PDT)
In-Reply-To: <CA+Vbu7y0Eu=R_G5z8hs8TwArzhxWheqetSTCJcqK4XyHga7_Lw@mail.gmail.com>
References: <810FD859-5CE9-4163-9749-973ED4F810CA@gmail.com> <CA+Vbu7yvQedeGJx-a1bC4KKZk6zwU0a=jxzw-JcTwGnQy9WCaw@mail.gmail.com> <20141029194708.5993.qmail@cr.yp.to> <m2mw8db73p.wl%randy@psg.com> <CA+Vbu7xgmON5459+14hs7zwx8hyA=atT1BjJx6=TxPAxpW3b0Q@mail.gmail.com> <CAL02cgTtn8Ae4Xz_zVUtgwLSkDjdL=Gr6udD2XjytbtoBq7QTA@mail.gmail.com> <m2sii48yog.wl%randy@psg.com> <545342CF.4090503@akr.io> <CAL02cgTUAQrkXUdqEXKZoOgUxLF2qkiDDFfBoLQR-HM3u26RkQ@mail.gmail.com> <54539870.2050003@cs.tcd.ie> <CACsn0ckuV0vCQZOgZA=3fX38xF0_NbVFqmtLb3YkGAgPhoThBA@mail.gmail.com> <CA+Vbu7z2qhU43gtMxfeciUtyDJ9q4uAjYCK2-ONsBNXbxU9nEg@mail.gmail.com> <CACsn0ckTLDJP2NugNO1ogQvDF4nEfH=qQ6CXiJ=LdjN1AibhYw@mail.gmail.com> <CA+Vbu7y0Eu=R_G5z8hs8TwArzhxWheqetSTCJcqK4XyHga7_Lw@mail.gmail.com>
Date: Fri, 31 Oct 2014 07:43:05 -0700
Message-ID: <CACsn0cnz4r3ODZ0VWVLCQxrL+49LF6y61of10pHOwtJyjKg5mg@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Benjamin Black <b@b3k.us>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/tTfgQ8dzEh6GIfbSaQ4_SVxfuvU
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Actual security levels for IETF crypto
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Oct 2014 14:43:09 -0000
On Fri, Oct 31, 2014 at 7:39 AM, Benjamin Black <b@b3k.us> wrote: > Right, I didn't say don't pick NUMS. I said I believe the process should've > gone a direction it did not, which would've rejected _ALL_ current > candidates in favor of CFRG generating new ones. That is no more my saying > "don't pick NUMS" than your saying you want genus 2 on the table is the same > as your saying "don't pick Curve25519". The unimportant question is why would we reject candidates for existing? The important question is: What's the case for NUMS vs. the other curves? Or do I have to go write this email myself? > > On Fri, Oct 31, 2014 at 7:35 AM, Watson Ladd <watsonbladd@gmail.com> wrote: >> >> On Fri, Oct 31, 2014 at 7:31 AM, Benjamin Black <b@b3k.us> wrote: >> > Watson, >> > >> > Where exactly did I say "don't pick NUMS"? >> >> On October 29 >> "I've also said repeatedly that we should be starting from >> requirements and then consider _generating_ curves to meet them, >> rather than limiting ourselves to the curves at hand or trying to >> contort the requirements to match an existing favorite." >> >> That seems to suggest that we don't pick any curves, but instead >> generate new ones. >> >> > >> > >> > b >> > >> > On Fri, Oct 31, 2014 at 7:14 AM, Watson Ladd <watsonbladd@gmail.com> >> > wrote: >> >> >> >> On Fri, Oct 31, 2014 at 7:10 AM, Stephen Farrell >> >> <stephen.farrell@cs.tcd.ie> wrote: >> >> > >> >> > >> >> > On 31/10/14 14:05, Richard Barnes wrote: >> >> >> The idea that whiz-bang new crypto is the main barrier to 100% HTTPS >> >> >> adoption seems rather naïve. It helps, >> >> > >> >> > I agree. Of course, having CFRG decide on precisely >> >> > which whiz-bang new crypto would be a good next step:-) >> >> >> >> But our choices are not the fastest ones! We've decided to have genus >> >> 1 prime, no CM, which is a very conservative choice, but not >> >> necessarily the fastest. >> >> >> >> Anyway, since Benjamin Black has said he doesn't actually think we >> >> should pick NUMS, but do our own picking, I think the answer is >> >> clear... >> >> > >> >> > S. >> >> > >> >> > _______________________________________________ >> >> > Cfrg mailing list >> >> > Cfrg@irtf.org >> >> > http://www.irtf.org/mailman/listinfo/cfrg >> >> >> >> >> >> >> >> -- >> >> "Those who would give up Essential Liberty to purchase a little >> >> Temporary Safety deserve neither Liberty nor Safety." >> >> -- Benjamin Franklin >> >> >> >> _______________________________________________ >> >> Cfrg mailing list >> >> Cfrg@irtf.org >> >> http://www.irtf.org/mailman/listinfo/cfrg >> > >> > >> >> >> >> -- >> "Those who would give up Essential Liberty to purchase a little >> Temporary Safety deserve neither Liberty nor Safety." >> -- Benjamin Franklin > > -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- [Cfrg] Actual security levels for IETF crypto D. J. Bernstein
- Re: [Cfrg] Actual security levels for IETF crypto Stephen Farrell
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Yoav Nir
- Re: [Cfrg] Actual security levels for IETF crypto Andrey Jivsov
- Re: [Cfrg] Actual security levels for IETF crypto Stephen Farrell
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Phillip Hallam-Baker
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Yoav Nir
- Re: [Cfrg] Actual security levels for IETF crypto Olafur Gudmundsson
- Re: [Cfrg] Actual security levels for IETF crypto Jakob Breier
- Re: [Cfrg] Actual security levels for IETF crypto Stephen Farrell
- Re: [Cfrg] Actual security levels for IETF crypto Phillip Hallam-Baker
- Re: [Cfrg] Actual security levels for IETF crypto Randy Bush
- Re: [Cfrg] Actual security levels for IETF crypto Phillip Hallam-Baker
- Re: [Cfrg] Actual security levels for IETF crypto Yoav Nir
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Phillip Hallam-Baker
- Re: [Cfrg] Actual security levels for IETF crypto Yoav Nir
- Re: [Cfrg] Actual security levels for IETF crypto Ilari Liusvaara
- Re: [Cfrg] Actual security levels for IETF crypto Mike Hamburg
- Re: [Cfrg] Actual security levels for IETF crypto Phillip Hallam-Baker
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Phillip Hallam-Baker
- Re: [Cfrg] Actual security levels for IETF crypto Randy Bush
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto D. J. Bernstein
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Alyssa Rowan
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto D. J. Bernstein
- Re: [Cfrg] Actual security levels for IETF crypto Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Bodo Moeller
- Re: [Cfrg] Actual security levels for IETF crypto Randy Bush
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Richard Barnes
- Re: [Cfrg] Actual security levels for IETF crypto Randy Bush
- Re: [Cfrg] Actual security levels for IETF crypto Alyssa Rowan
- Re: [Cfrg] Actual security levels for IETF crypto Randy Bush
- Re: [Cfrg] Actual security levels for IETF crypto Yoav Nir
- Re: [Cfrg] Actual security levels for IETF crypto Yoav Nir
- Re: [Cfrg] Actual security levels for IETF crypto Phillip Hallam-Baker
- Re: [Cfrg] Actual security levels for IETF crypto Richard Barnes
- Re: [Cfrg] Actual security levels for IETF crypto Stephen Farrell
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Benjamin Black
- Re: [Cfrg] Actual security levels for IETF crypto Watson Ladd
- Re: [Cfrg] Actual security levels for IETF crypto Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] Actual security levels for IETF crypto Paterson, Kenny