Re: [Cfrg] Ed448ctx -> was RE: draft-irtf-cfrg-eddsa -- one final proposal for domain separation (context labels) for ed25519

Simon Josefsson <simon@josefsson.org> Fri, 06 May 2016 07:28 UTC

From: Simon Josefsson <simon@josefsson.org>
To: Paul Lambert <paul@marvell.com>
Date: Fri, 06 May 2016 09:21:50 +0200
In-Reply-To: <5e514b7c361f4ed9a4d6ea41d40c350c@SC-EXCH03.marvell.com> (Paul Lambert's message of "Mon, 25 Apr 2016 18:03:12 +0000")
Message-ID: <878tznvegh.fsf@latte.josefsson.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/vcrLutt4yVWpYPjQK89hOH7c0qs>
Cc: Robert Edmonds <edmonds@debian.org>, "draft-irtf-cfrg-eddsa.all@ietf.org" <draft-irtf-cfrg-eddsa.all@ietf.org>, "cfrg@ietf.org" <cfrg@ietf.org>, Ondřej Surý <ondrej@sury.org>, Benjamin Kaduk <bkaduk@akamai.com>

Paul Lambert <paul@marvell.com> writes:

>> > On Sat 2016-04-23 03:23:15 -0400, Simon Josefsson wrote:
>> >> Further, introducing this tweak late in the process appears unfortunate.
>> >> We are having serious trouble shipping documents people have been
>> >> waiting for as it is.  Redefining what they will get this late in the
>> >> process is harmful.
>> >
>> > My goal in raising this is not to delay the process further, but to at
>> > least clarify for future readers why the interfaces for Ed25519 and
>> > Ed448 differ by a "context" argument, and to give some form of
>> > implementation guidance to people who want to use that argument while
>> > being able to use both signature schemes.
>
> Making names clear is a good idea.
> Perhaps Ed448 should be renamed Ed448ctx

I like this idea -- there is confusion between the "old" Ed448 and
CFRG's modified Ed448 with contexts.  It is pretty mild since the old
Ed448 has not been widely deployed, but still.  If someone would like to push
for this, I would support it.

/Simon