Re: [Cfrg] ECC reboot (Was: When's the decision?)

Michael Hamburg <mike@shiftleft.org> Sat, 18 October 2014 03:35 UTC


> On Oct 17, 2014, at 4:31 PM, Phillip Hallam-Baker <phill@hallambaker.com> wrote:
> 
> On Fri, Oct 17, 2014 at 5:27 PM, Michael Hamburg <mike@shiftleft.org> wrote:
> 
>> Phillip Hallam-Baker <phill@hallambaker.com> wrote:
>> 
>>> For ~512 I want the Platinum level security, whatever it takes.
>> 
>> 
>> Platinum is heavy and very, very expensive.  It resists corrosion phenomenally well, but not cutting.  Quite the metaphor.
> 
> I rejected diamond because it's brittle.

Maybe I should expand on this.  Sometimes precious metals or gemstones are used for protection (platinum for corrosion, sapphire for abrasion, …) because they’re genuinely the best material to survive a particular harsh environment.  Sometimes they’re used for marketing reasons.  Sometimes it’s a combination.

It’s clear from your email that you want this 512-bit “Platinum level security” for marketing reasons.  If your competitor offers it, you’ll need to as well.  521 bits is not so round, not so shiny. And 414 or 448 or 480, well, everyone knows those are less than 512.  You don’t know, and I don’t know, what the possible threats are against curves like this, or whether more bits (and how many) will help resist them.  But you want 512 anyway, whatever it takes.

And you know what?  I get that.  Especially post-Snowden, marketability is an important part of any new security standard.  But that won’t stop me from pushing a solution that gives similar security at half the cost.

— Mike