Re: [Cfrg] RFC 7748 on Elliptic Curves for Security

Watson Ladd <watsonbladd@gmail.com> Mon, 25 January 2016 16:01 UTC

In-Reply-To: <56A4B4EA.9030004@cs.tcd.ie>
References: <20160123002710.B4E4818045A@rfc-editor.org> <C8C1DF70-A138-42F9-8647-DAAE9ABD3779@netapp.com> <56A4B4EA.9030004@cs.tcd.ie>
Date: Mon, 25 Jan 2016 08:01:22 -0800
Message-ID: <CACsn0c=G8_+CPivBv92Yj5js_F-6xdSSqS=yX7r3JaU4bPBFKw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/z02kxaA-VHJHNJuXBY4wRGIVVSw>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] RFC 7748 on Elliptic Curves for Security

On Sun, Jan 24, 2016 at 3:26 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
>
>
> On 24/01/16 08:47, Eggert, Lars wrote:
>> Excellent work, all! This is one of the more important RFCs that the
>> IRTF has published, and will have a direct impact on Internet user
>> privacy.
>
> Indeed. Good work and thanks to all including those whose fav
> curves didn't end up being part of the RFC - the debate, hard
> and gnarly though it was, was also an important part of this.

Really?

This RFC comes some 10 years after the introduction of Curve25519, and
some 5-6 years after everyone realized how simple it is to write
crypto code when you actually care about making it simple. The
existence of tools like signify and minilock was thankfully not
dependent on our blessing, which in any case, because the result is
Informational, apparently doesn't exist. (Nor for that matter was the
adoption in OpenSSH dependent, etc., etc.)

The process hasn't led to increased support from industry, in fact
the same players are now battling it out at NIST instead. I don't know
that anyone who wasn't planning on supporting Curve25519 before this
discussion is going to introduce it now over their own preferred
alternative, or that it even matters for "Internet user privacy".
Let's Encrypt has had far more of an impact, by ending an ill-thought
out experiment in charging people money to secure their websites. The
various attacks enabled by the bugs in implementations in the NIST
curves generally require some precise targeting: they are not "let's
decrypt all the data on the Internet".

Blake2 didn't have to go through anything like this. Nor did Camellia,
nor the various national elliptic curve standards. I'm glad we are
done with this, but let's not be self-congratulatory about our impact,
which in this case has been extremely negative.

>
> S
>
>>
>> Lars
>>
>> On 2016-01-23, at 1:27, rfc-editor@rfc-editor.org wrote:
>>>
>>> A new Request for Comments is now available in online RFC
>>> libraries.
>>>
>>>
>>> RFC 7748
>>>
>>> Title:      Elliptic Curves for Security
>>> Author:     A. Langley, M. Hamburg, S. Turner
>>> Status:     Informational
>>> Stream:     IRTF
>>> Date:       January 2016
>>> Mailbox:    agl@google.com, mike@shiftleft.org, sean@sn3rd.com
>>> Pages:      22
>>> Characters: 39298
>>> Updates/Obsoletes/SeeAlso:   None
>>>
>>> I-D Tag:    draft-irtf-cfrg-curves-11.txt
>>>
>>> URL:        https://www.rfc-editor.org/info/rfc7748
>>>
>>> DOI:        http://dx.doi.org/10.17487/RFC7748
>>>
>>> This memo specifies two elliptic curves over prime fields that
>>> offer a high level of practical security in cryptographic
>>> applications, including Transport Layer Security (TLS).  These
>>> curves are intended to operate at the ~128-bit and ~224-bit
>>> security level, respectively, and are generated deterministically
>>> based on a list of required properties.
>>>
>>> This document is a product of the Crypto Forum Research Group of
>>> the IRTF.
>>>
>>>
>>> INFORMATIONAL: This memo provides information for the Internet
>>> community. It does not specify an Internet standard of any kind.
>>> Distribution of this memo is unlimited.
>>>
>>> This announcement is sent to the IETF-Announce, rfc-dist and
>>> IRTF-Announce lists. To subscribe or unsubscribe, see
>>> https://www.ietf.org/mailman/listinfo/ietf-announce
>>> https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
>>> https://www.irtf.org/mailman/listinfo/irtf-announce
>>>
>>> For searching the RFC series, see https://www.rfc-editor.org/search
>>> For downloading RFCs, see https://www.rfc-editor.org/rfc.html
>>>
>>> Requests for special distribution should be addressed to either
>>> the author of the RFC in question, or to rfc-editor@rfc-editor.org.
>>> Unless specifically noted otherwise on the RFC itself, all RFCs are
>>> for unlimited distribution.
>>>
>>>
>>> The RFC Editor Team
>>> Association Management Solutions, LLC
>>>
>>>
>>
>>
>>
>> _______________________________________________ Cfrg mailing list
>> Cfrg@irtf.org https://www.irtf.org/mailman/listinfo/cfrg
>>



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.