Re: [Cfrg] Formal request from TLS WG to CFRG for new elliptic curves

"Paterson, Kenny" <> Sun, 20 July 2014 11:28 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 4B7001B2BAA for <>; Sun, 20 Jul 2014 04:28:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id CtFgB9AplWp1 for <>; Sun, 20 Jul 2014 04:28:00 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EEB7B1B2BA9 for <>; Sun, 20 Jul 2014 04:27:59 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.990.7; Sun, 20 Jul 2014 11:27:57 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.990.7; Sun, 20 Jul 2014 11:27:56 +0000
Received: from ([]) by ([]) with mapi id 15.00.0990.007; Sun, 20 Jul 2014 11:27:56 +0000
From: "Paterson, Kenny" <>
To: Benjamin Black <>, "Joseph Salowey (jsalowey)" <>
Thread-Topic: [Cfrg] Formal request from TLS WG to CFRG for new elliptic curves
Thread-Index: AQHPpA2mNvzjiLz1XUSGvu3nsSQESg==
Date: Sun, 20 Jul 2014 11:27:55 +0000
Message-ID: <>
References: <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-GB, en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
x-originating-ip: []
x-microsoft-antispam: BCL:0;PCL:0;RULEID:
x-forefront-prvs: 02788FF38E
x-forefront-antispam-report: SFV:NSPM; SFS:(6009001)(24454002)(51704005)(479174003)(199002)(189002)(85306003)(81542001)(19580395003)(81342001)(106116001)(106356001)(105586002)(83506001)(4396001)(20776003)(80022001)(66066001)(77982001)(64706001)(87936001)(79102001)(19580405001)(2656002)(101416001)(83072002)(85852003)(21056001)(31966008)(107046002)(86362001)(76482001)(74662001)(95666004)(74482001)(74502001)(36756003)(92566001)(92726001)(46102001)(93886003)(99396002)(50986999)(76176999)(54356999)(781001); DIR:OUT; SFP:; SCL:1; SRVR:DBXPR03MB382;; FPR:; MLV:sfv; PTR:InfoNoRecords; MX:1; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:
Cc: "" <>
Subject: Re: [Cfrg] Formal request from TLS WG to CFRG for new elliptic curves
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 20 Jul 2014 11:28:02 -0000


On 19/07/2014 18:42, "Benjamin Black" <> wrote:

>"The CFRG has the cryptographic expertise to determine what pairings are
>As do a number of others, including other leaders of the TLS working
>group. I refer you again to RFC5289 and again request an explanation for
>this contradicting of all prior practice in the
> TLS working group.

I'm not sure of the relevance of RFC 5289 here. It does not define any new
curves or fundamentally different algorithms using curves, but instead
simply formalises the use of stronger hash functions for HMAC in existing
combinations such as ECDHE_ECDSA and ECDH_ECDSA. I see that as having been
a necessary bit of tidying-up in the face of realistic concerns about the
long-term security of HMAC-MD5.

As far as I know, the TLS WG is free to ask for advice from any body or
group. It is also free to ignore whatever advice it gets - including from
CFRG. And, in reality, the cryptographic expertise in the TLS WG to which
you refer is also active in CFRG.