Re: [Cfrg] When's the decision?

Watson Ladd <watsonbladd@gmail.com> Thu, 09 October 2014 01:33 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3981F1A88FF for <cfrg@ietfa.amsl.com>; Wed, 8 Oct 2014 18:33:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ax96YPh3f4JA for <cfrg@ietfa.amsl.com>; Wed, 8 Oct 2014 18:33:34 -0700 (PDT)
Received: from mail-yh0-x22d.google.com (mail-yh0-x22d.google.com [IPv6:2607:f8b0:4002:c01::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E2BC1A88FE for <cfrg@irtf.org>; Wed, 8 Oct 2014 18:33:34 -0700 (PDT)
Received: by mail-yh0-f45.google.com with SMTP id b6so144433yha.32 for <cfrg@irtf.org>; Wed, 08 Oct 2014 18:33:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=J74nz1VGNetJJH/Yr6xDC/oHl/HrpiTivlmUv3rWyAM=; b=ZJyKn/0TBQZyZCGJbgQNAdHIrYlPH/NZLlkU+QjZtHsgTaXl3bfwm6tQQoq2zaEzm0 1IKyvVD1MBnTajoELpOaEA5tDHgE8NzpbHTj7FBaaAcskpfj/X9TbjoemC1dmhSIrQ++ rO5gCgH2YLNeuyxs8zPQGYoltJ+02CHmlqJ014MzLIvc75PnCMvd+NGx0LzJn1xvTBab ApprSWfWooql13ejL7WpuvDWJy+P72BMymDMrMPhSvAUgTxTD23yKmUejNeWm/OliN0s /B7VpcDIMFQ+2nBeQQqlcUaZRIIE7Lgue9rqqys3AUwmaXqxyOk/cWjvEvol5xa/sQ+L 3HZg==
MIME-Version: 1.0
X-Received: by 10.236.132.231 with SMTP id o67mr8910412yhi.146.1412818413778; Wed, 08 Oct 2014 18:33:33 -0700 (PDT)
Received: by 10.170.195.149 with HTTP; Wed, 8 Oct 2014 18:33:33 -0700 (PDT)
In-Reply-To: <2FBC676C3BBFBB4AA82945763B361DE608F1D021@MX17A.corp.emc.com>
References: <CACsn0cnHDc6_jWf1mXc5kQgj5XEc6dBBZa7K8D2=4uLti5e3aA@mail.gmail.com> <20141008173154.15169.qmail@cr.yp.to> <2FBC676C3BBFBB4AA82945763B361DE608F1D021@MX17A.corp.emc.com>
Date: Wed, 08 Oct 2014 18:33:33 -0700
Message-ID: <CACsn0c=6_qBhXsTicPjoQjncf5DoHp+yQZgabS7fGVCjYUc+Yw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "Parkinson, Sean" <sean.parkinson@rsa.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/wb83OmYkjXvNLaHiC-7gxXifP7A
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] When's the decision?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Oct 2014 01:33:36 -0000

On Wed, Oct 8, 2014 at 3:51 PM, Parkinson, Sean <sean.parkinson@rsa.com> wrote:
> I have concerns about a decision being made about which curves to recommend 'before Halloween'.
> I am unaware of 3rd parties implementing and confirming all the curves that have been proposed.
> Making a decision on new elliptic curves based on data that hasn't been corroborated by a 3rd party is bad practice.

As far as I can tell, the implementations are all publicly available,
and I believe recent eBATS has included quite a few.
>
> I have been implementing as many of the curves as I can and my performance results, so far, do not always match those that I have seen in papers.

How good are your implementations? Being fast is hard.

>
> Also, I am concerned that, while some curves are being implemented to be constant time, not all curves are being implemented to be cache attack resistant. Either all implementations need to be resistant or all implementations not. Only then can a true comparison be made.

All of them should be: this is annoying but straightforward to check
by looking at implementations.
>
> Until these issues are dealt with I feel there is not sufficient information to make a decision.

Most of this information is independent of which parameters are picked.

>
> Sean
> --
> Sean Parkinson | Consultant Software Engineer | RSA, The Security Division of EMC
> Office +61 7 3032 5232 | Fax +61 7 3032 5299
> www.rsa.com
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin