Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Wed, 11 February 2015 14:23 UTC

From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Phillip Hallam-Baker <phill@hallambaker.com>, Russ Housley <housley@vigilsec.com>
Date: Wed, 11 Feb 2015 14:23:47 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/u5XrSsHkFg2gC82bjHWNUasoUlI>
Cc: IRTF CFRG <cfrg@irtf.org>

Phillip,

On 11/02/2015 13:59, "Phillip Hallam-Baker" <phill@hallambaker.com> wrote:

>Knowing if we are going to do p=~512 or not makes a big difference to
>what I would think we should be doing on p=~256.

We're settled on Curve25519 and close relatives at the p=~256 (128-bit
security level).

The question about 192-bit and 256-bit security was intended to be
regarded as being independent of that choice. From your message, it seems
you don't think it is. Can you expand?

>
>If we are not doing p=~512 then this is adding one more point to the zoo,
>no biggie. If we are doing p=~512 and NOT p=~384 then we are sending a
>signal that we are shutting the zoo down and starting over.
>

I don't really understand what you are saying here, as none of it is about
the 128-bit security level which is where your message started from.

Sorry, but I am confused.

>
>To give an opinion on the plan, I want to know what the backup plan is
>likely to look like. That does not mean agreeing every detail of the
>backup plan.

If there's no consensus on doing curves at 192-bit and 256-bit security
level, then the plan would be to abandon work on such curves until after
we've delivered recommendations to the TLS WG. The chairs' current
thinking would be to then come back to this later on. (Of course, at that
point, people might decide that IETF is not the place to put their
efforts, and that NIST's activity is the place to be. So be it.)

Cheers,

Kenny 

>
>On Wed, Feb 11, 2015 at 5:47 AM, Russ Housley
><housley@vigilsec.com> wrote:
>
>I agree with this prioritization.  I thought the question that the CFRG
>Co-chair was asking was about the value of working on other curves _after_
>the recommendation for a 128-bit security curve is done.
>
>Russ
>
>
>
>On Feb 10, 2015, at 10:42 PM, Bindhunadhava wrote:
>
>
>I agree with Kurt, we MUST get 2^128 recommendation out the door ASAP.
>Talking about other levels at this point is a distraction.
>So my answer to both questions is
>NO at this time!
> 
>  Olafur