Re: [Cfrg] When's the decision?
Watson Ladd <watsonbladd@gmail.com> Thu, 09 October 2014 01:33 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3981F1A88FF for <cfrg@ietfa.amsl.com>; Wed, 8 Oct 2014 18:33:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ax96YPh3f4JA for <cfrg@ietfa.amsl.com>; Wed, 8 Oct 2014 18:33:34 -0700 (PDT)
Received: from mail-yh0-x22d.google.com (mail-yh0-x22d.google.com [IPv6:2607:f8b0:4002:c01::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E2BC1A88FE for <cfrg@irtf.org>; Wed, 8 Oct 2014 18:33:34 -0700 (PDT)
Received: by mail-yh0-f45.google.com with SMTP id b6so144433yha.32 for <cfrg@irtf.org>; Wed, 08 Oct 2014 18:33:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=J74nz1VGNetJJH/Yr6xDC/oHl/HrpiTivlmUv3rWyAM=; b=ZJyKn/0TBQZyZCGJbgQNAdHIrYlPH/NZLlkU+QjZtHsgTaXl3bfwm6tQQoq2zaEzm0 1IKyvVD1MBnTajoELpOaEA5tDHgE8NzpbHTj7FBaaAcskpfj/X9TbjoemC1dmhSIrQ++ rO5gCgH2YLNeuyxs8zPQGYoltJ+02CHmlqJ014MzLIvc75PnCMvd+NGx0LzJn1xvTBab ApprSWfWooql13ejL7WpuvDWJy+P72BMymDMrMPhSvAUgTxTD23yKmUejNeWm/OliN0s /B7VpcDIMFQ+2nBeQQqlcUaZRIIE7Lgue9rqqys3AUwmaXqxyOk/cWjvEvol5xa/sQ+L 3HZg==
MIME-Version: 1.0
X-Received: by 10.236.132.231 with SMTP id o67mr8910412yhi.146.1412818413778; Wed, 08 Oct 2014 18:33:33 -0700 (PDT)
Received: by 10.170.195.149 with HTTP; Wed, 8 Oct 2014 18:33:33 -0700 (PDT)
In-Reply-To: <2FBC676C3BBFBB4AA82945763B361DE608F1D021@MX17A.corp.emc.com>
References: <CACsn0cnHDc6_jWf1mXc5kQgj5XEc6dBBZa7K8D2=4uLti5e3aA@mail.gmail.com> <20141008173154.15169.qmail@cr.yp.to> <2FBC676C3BBFBB4AA82945763B361DE608F1D021@MX17A.corp.emc.com>
Date: Wed, 08 Oct 2014 18:33:33 -0700
Message-ID: <CACsn0c=6_qBhXsTicPjoQjncf5DoHp+yQZgabS7fGVCjYUc+Yw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "Parkinson, Sean" <sean.parkinson@rsa.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/wb83OmYkjXvNLaHiC-7gxXifP7A
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] When's the decision?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Oct 2014 01:33:36 -0000
On Wed, Oct 8, 2014 at 3:51 PM, Parkinson, Sean <sean.parkinson@rsa.com> wrote: > I have concerns about a decision being made about which curves to recommend 'before Halloween'. > I am unaware of 3rd parties implementing and confirming all the curves that have been proposed. > Making a decision on new elliptic curves based on data that hasn't been corroborated by a 3rd party is bad practice. As far as I can tell, the implementations are all publicly available, and I believe recent eBATS has included quite a few. > > I have been implementing as many of the curves as I can and my performance results, so far, do not always match those that I have seen in papers. How good are your implementations? Being fast is hard. > > Also, I am concerned that, while some curves are being implemented to be constant time, not all curves are being implemented to be cache attack resistant. Either all implementations need to be resistant or all implementations not. Only then can a true comparison be made. All of them should be: this is annoying but straightforward to check by looking at implementations. > > Until these issues are dealt with I feel there is not sufficient information to make a decision. Most of this information is independent of which parameters are picked. > > Sean > -- > Sean Parkinson | Consultant Software Engineer | RSA, The Security Division of EMC > Office +61 7 3032 5232 | Fax +61 7 3032 5299 > www.rsa.com > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- [Cfrg] When's the decision? Watson Ladd
- Re: [Cfrg] When's the decision? Yoav Nir
- Re: [Cfrg] When's the decision? Stephen Farrell
- Re: [Cfrg] When's the decision? Watson Ladd
- Re: [Cfrg] When's the decision? David Jacobson
- Re: [Cfrg] When's the decision? Watson Ladd
- Re: [Cfrg] When's the decision? Michael Hamburg
- Re: [Cfrg] When's the decision? David Jacobson
- Re: [Cfrg] When's the decision? D. J. Bernstein
- [Cfrg] Publicly verifiable benchmarks D. J. Bernstein
- Re: [Cfrg] When's the decision? Parkinson, Sean
- Re: [Cfrg] When's the decision? Watson Ladd
- Re: [Cfrg] When's the decision? Parkinson, Sean
- Re: [Cfrg] When's the decision? Mike Hamburg
- Re: [Cfrg] When's the decision? Parkinson, Sean
- Re: [Cfrg] When's the decision? Phillip Hallam-Baker
- Re: [Cfrg] When's the decision? Mike Hamburg
- Re: [Cfrg] When's the decision? Parkinson, Sean
- Re: [Cfrg] Publicly verifiable benchmarks David Jacobson
- Re: [Cfrg] Publicly verifiable benchmarks Michael Hamburg
- Re: [Cfrg] Publicly verifiable benchmarks Andrey Jivsov
- Re: [Cfrg] Publicly verifiable benchmarks Watson Ladd
- Re: [Cfrg] Publicly verifiable benchmarks Parkinson, Sean
- Re: [Cfrg] Publicly verifiable benchmarks D. J. Bernstein
- Re: [Cfrg] Publicly verifiable benchmarks Michael Hamburg
- [Cfrg] Constant-time implementations D. J. Bernstein
- Re: [Cfrg] Constant-time implementations David Jacobson
- Re: [Cfrg] Constant-time implementations Adam Langley
- Re: [Cfrg] Constant-time implementations Yoav Nir
- Re: [Cfrg] Constant-time implementations Watson Ladd
- Re: [Cfrg] Constant-time implementations Mike Hamburg
- Re: [Cfrg] When's the decision? Paterson, Kenny
- Re: [Cfrg] When's the decision? Parkinson, Sean
- Re: [Cfrg] When's the decision? Ilari Liusvaara
- Re: [Cfrg] When's the decision? Yoav Nir
- [Cfrg] ed448goldilocks vs. numsp384t1 and numsp51… D. J. Bernstein
- Re: [Cfrg] ed448goldilocks vs. numsp384t1 and num… Ilari Liusvaara
- Re: [Cfrg] ed448goldilocks vs. numsp384t1 and num… Michael Hamburg
- Re: [Cfrg] ed448goldilocks vs. numsp384t1 and num… Ilari Liusvaara
- Re: [Cfrg] ed448goldilocks vs. numsp384t1 and num… Michael Hamburg