Re: [Cfrg] Actual security levels for IETF crypto

Watson Ladd <watsonbladd@gmail.com> Fri, 31 October 2014 14:43 UTC

Date: Fri, 31 Oct 2014 07:43:05 -0700
Message-ID: <CACsn0cnz4r3ODZ0VWVLCQxrL+49LF6y61of10pHOwtJyjKg5mg@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Benjamin Black <b@b3k.us>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/tTfgQ8dzEh6GIfbSaQ4_SVxfuvU
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Actual security levels for IETF crypto

On Fri, Oct 31, 2014 at 7:39 AM, Benjamin Black <b@b3k.us> wrote:
> Right, I didn't say don't pick NUMS. I said I believe the process should've
> gone a direction it did not, which would've rejected _ALL_ current
> candidates in favor of CFRG generating new ones. That is no more my saying
> "don't pick NUMS" than your saying you want genus 2 on the table is the same
> as your saying "don't pick Curve25519".

The unimportant question is why would we reject candidates for existing?

The important question is:
What's the case for NUMS vs. the other curves? Or do I have to go
write this email myself?
>
> On Fri, Oct 31, 2014 at 7:35 AM, Watson Ladd <watsonbladd@gmail.com> wrote:
>>
>> On Fri, Oct 31, 2014 at 7:31 AM, Benjamin Black <b@b3k.us> wrote:
>> > Watson,
>> >
>> > Where exactly did I say "don't pick NUMS"?
>>
>> On October 29
>> "I've also said repeatedly that we should be starting from
>> requirements and then consider _generating_ curves to meet them,
>> rather than limiting ourselves to the curves at hand or trying to
>> contort the requirements to match an existing favorite."
>>
>> That seems to suggest that we don't pick any curves, but instead
>> generate new ones.
>>
>> >
>> >
>> > b
>> >
>> > On Fri, Oct 31, 2014 at 7:14 AM, Watson Ladd <watsonbladd@gmail.com>
>> > wrote:
>> >>
>> >> On Fri, Oct 31, 2014 at 7:10 AM, Stephen Farrell
>> >> <stephen.farrell@cs.tcd.ie> wrote:
>> >> >
>> >> >
>> >> > On 31/10/14 14:05, Richard Barnes wrote:
>> >> >> The idea that whiz-bang new crypto is the main barrier to 100% HTTPS
>> >> >> adoption seems rather naïve.  It helps,
>> >> >
>> >> > I agree. Of course, having CFRG decide on precisely
>> >> > which whiz-bang new crypto would be a good next step:-)
>> >>
>> >> But our choices are not the fastest ones! We've decided to have genus
>> >> 1 prime, no CM, which is a very conservative choice, but not
>> >> necessarily the fastest.
>> >>
>> >> Anyway, since Benjamin Black has said he doesn't actually think we
>> >> should pick NUMS, but do our own picking, I think the answer is
>> >> clear...
>> >> >
>> >> > S.
>> >> >
>> >> > _______________________________________________
>> >> > Cfrg mailing list
>> >> > Cfrg@irtf.org
>> >> > http://www.irtf.org/mailman/listinfo/cfrg
>> >>
>> >>
>> >>
>> >> --
>> >> "Those who would give up Essential Liberty to purchase a little
>> >> Temporary Safety deserve neither Liberty nor Safety."
>> >> -- Benjamin Franklin