Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)
"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Wed, 11 February 2015 14:23 UTC
Return-Path: <Kenny.Paterson@rhul.ac.uk>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A19FA1A026F for <cfrg@ietfa.amsl.com>; Wed, 11 Feb 2015 06:23:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K6_zqTRD1Iy3 for <cfrg@ietfa.amsl.com>; Wed, 11 Feb 2015 06:23:55 -0800 (PST)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0649.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::649]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A50711A01AE for <cfrg@irtf.org>; Wed, 11 Feb 2015 06:23:54 -0800 (PST)
Received: from DBXPR03MB383.eurprd03.prod.outlook.com (10.141.10.15) by DBXPR03MB382.eurprd03.prod.outlook.com (10.141.10.12) with Microsoft SMTP Server (TLS) id 15.1.81.19; Wed, 11 Feb 2015 14:23:47 +0000
Received: from DBXPR03MB383.eurprd03.prod.outlook.com ([10.141.10.15]) by DBXPR03MB383.eurprd03.prod.outlook.com ([10.141.10.15]) with mapi id 15.01.0081.018; Wed, 11 Feb 2015 14:23:47 +0000
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Phillip Hallam-Baker <phill@hallambaker.com>, Russ Housley <housley@vigilsec.com>
Thread-Topic: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)
Thread-Index: AQHQRWA9TxnRtGYBQUOhPFAlIPaYCZzqvv2AgAAP2wCAAHaggIAANdOAgAAGoYA=
Date: Wed, 11 Feb 2015 14:23:47 +0000
Message-ID: <D10114F3.3E811%kenny.paterson@rhul.ac.uk>
References: <54D9E2E3.4080402@isode.com> <20150210183423.GA9338@roeckx.be> <1423622761.464212075@apps.rackspace.com> <54DACFB6.1090308@cdac.in> <C7C58FAC-E983-449D-A185-A3A98C2D3DA1@vigilsec.com> <CAMm+Lwhq5FOZ=K_RbYyZ7w5Sa9OAZXuzLXGtWYvEnHCXC2sd1g@mail.gmail.com>
In-Reply-To: <CAMm+Lwhq5FOZ=K_RbYyZ7w5Sa9OAZXuzLXGtWYvEnHCXC2sd1g@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.7.141117
x-originating-ip: [78.146.78.227]
authentication-results: hallambaker.com; dkim=none (message not signed) header.d=none;
x-microsoft-antispam: BCL:0;PCL:0;RULEID:;SRVR:DBXPR03MB382;
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:;SRVR:DBXPR03MB382;
x-forefront-prvs: 0484063412
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(51704005)(24454002)(479174004)(377454003)(19580405001)(19580395003)(93886004)(92566002)(106116001)(54356999)(76176999)(50986999)(122556002)(40100003)(2900100001)(2950100001)(2420400003)(15975445007)(102836002)(77096005)(36756003)(74482002)(87936001)(46102003)(1720100001)(2656002)(83506001)(86362001)(66066001)(62966003)(77156002)(563064011); DIR:OUT; SFP:1101; SCL:1; SRVR:DBXPR03MB382; H:DBXPR03MB383.eurprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-ID: <218BF728663E824E800BF4224B873503@eurprd03.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: rhul.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Feb 2015 14:23:47.7000 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2efd699a-1922-4e69-b601-108008d28a2e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBXPR03MB382
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/u5XrSsHkFg2gC82bjHWNUasoUlI>
Cc: IRTF CFRG <cfrg@irtf.org>
Subject: Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Feb 2015 14:23:57 -0000
Phillip, On 11/02/2015 13:59, "Phillip Hallam-Baker" <phill@hallambaker.com> wrote: >Knowing if we are going to do p=~512 or not makes a big difference to >what I would think we should be doing on p=~256. We're settled on Curve25519 and close relatives at the p=~256 (128-bit security level). The question about 192-bit and 256-bit security was intended to be regarded as being independent of that choice. From your message, it seems you don't think it is. Can you expand? > >If we are not doing p=~512 then this is adding one more point to the zoo, >no biggie. If we are doing p=~512 and NOT p=~384 then we are sending a >signal that we are shutting the zoo down and starting over. > I don't really understand what you are saying here, as none of it is about the 128-bit security level which is where your message started from. Sorry, but I am confused. > >To give an opinion on the plan, I want to know what the backup plan is >likely to look like. That does not mean agreeing every detail of the >backup plan. If there's no consensus on doing curves at 192-bit and 256-bit security level, then the plan would be to abandon work on such curves until after we've delivered recommendations to the TLS WG. The chairs' current thinking would be to then come back to this later on. (Of course, at that point, people might decide that IETF is not the place to put their efforts, and that NIST's activity is the place to be. So be it.) Cheers, Kenny > >On Wed, Feb 11, 2015 at 5:47 AM, Russ Housley ><housley@vigilsec.com> wrote: > >I agree with this prioritization. I thought the question that the CFRG >Co-chair was asking was about the value working on other curves _after_ >the recommendation for a 128-bit security curve is done. > >Russ > > > >On Feb 10, 2015, at 10:42 PM, Bindhunadhava wrote: > > >I agree with Kurt, we MUST get 2^128 recommendation out the door ASAP. >talking about other levels at this point is a distraction. >So my answer to both questions is >NO at this time! > > Olafur > > > > > > > > >_______________________________________________ >Cfrg mailing list >Cfrg@irtf.org >http://www.irtf.org/mailman/listinfo/cfrg > > > > > >
- [Cfrg] Elliptic Curves - poll on security levels … Alexey Melnikov
- Re: [Cfrg] Elliptic Curves - poll on security lev… Torsten Schütze
- Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
- Re: [Cfrg] Elliptic Curves - poll on security lev… Nguyen Dr., Kim
- Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
- Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
- Re: [Cfrg] Elliptic Curves - poll on security lev… Aaron Zauner
- Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on security lev… Christoph Anton Mitterer
- Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
- Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on security lev… Paul Hoffman
- Re: [Cfrg] Elliptic Curves - poll on security lev… Adam Langley
- Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
- Re: [Cfrg] Elliptic Curves - poll on security lev… Stephen Farrell
- Re: [Cfrg] Elliptic Curves - poll on security lev… Salz, Rich
- Re: [Cfrg] Elliptic Curves - poll on security lev… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
- Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Hamburg
- Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
- Re: [Cfrg] Elliptic Curves - poll on security lev… Kurt Roeckx
- Re: [Cfrg] Elliptic Curves - poll on security lev… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Hamburg
- Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on security lev… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - poll on security lev… Станислав Смышляев
- Re: [Cfrg] Elliptic Curves - poll on security lev… Andy Lutomirski
- Re: [Cfrg] Elliptic Curves - poll on security lev… James Cloos
- Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
- Re: [Cfrg] Elliptic Curves - poll on security lev… Damien Miller
- Re: [Cfrg] Elliptic Curves - poll on security lev… James Cloos
- Re: [Cfrg] Elliptic Curves - poll on security lev… Mike Jones
- Re: [Cfrg] Elliptic Curves - poll on security lev… Benjamin Beurdouche
- Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
- Re: [Cfrg] Elliptic Curves - poll on security lev… David Leon Gil
- Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Harkins
- Re: [Cfrg] Elliptic Curves - poll on security lev… Olafur Gudmundsson
- Re: [Cfrg] Elliptic Curves - poll on security lev… Bindhunadhava
- Re: [Cfrg] Elliptic Curves - poll on security lev… Aaron Zauner
- Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
- Re: [Cfrg] Elliptic Curves - poll on security lev… Manger, James
- Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
- Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
- Re: [Cfrg] Elliptic Curves - poll on security lev… Brian Smith
- Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - poll on security lev… Yoav Nir
- Re: [Cfrg] Elliptic Curves - poll on security lev… Daniel Kahn Gillmor
- Re: [Cfrg] Elliptic Curves - poll on security lev… Stanislav V. Smyshlyaev
- Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
- Re: [Cfrg] Elliptic Curves - poll on security lev… Dan Brown
- Re: [Cfrg] Elliptic Curves - poll on security lev… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on security lev… Eric Rescorla
- Re: [Cfrg] Elliptic Curves - poll on security lev… Annie Yousar
- Re: [Cfrg] Elliptic Curves - poll on security lev… Russ Housley
- Re: [Cfrg] Elliptic Curves - poll on security lev… Andrey Jivsov
- [Cfrg] Why I think 256-level is a bad idea [Was: … Ilari Liusvaara
- Re: [Cfrg] Why I think 256-level is a bad idea [W… Adam Langley
- Re: [Cfrg] Elliptic Curves - poll on security lev… Michael Scott
- Re: [Cfrg] Elliptic Curves - poll on security lev… Simon Josefsson
- Re: [Cfrg] Elliptic Curves - poll on security lev… _MiW
- Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
- Re: [Cfrg] Elliptic Curves - poll on security lev… Olafur Gudmundsson
- Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
- Re: [Cfrg] Elliptic Curves - poll on security lev… Brian Smith
- Re: [Cfrg] Elliptic Curves - poll on security lev… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - poll on security lev… Joseph Salowey
- Re: [Cfrg] Elliptic Curves - poll on security lev… Watson Ladd
- Re: [Cfrg] Elliptic Curves - poll on security lev… Alexey Melnikov
- Re: [Cfrg] Elliptic Curves - poll on security lev… Kurt Roeckx
- Re: [Cfrg] Elliptic Curves - poll on security lev… Nex6|Bill