Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairing-friendly-curves-01.txt
Michael Scott <mike.scott@miracl.com> Sun, 31 March 2019 19:28 UTC
Return-Path: <mike.scott@miracl.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 649A6120048 for <cfrg@ietfa.amsl.com>; Sun, 31 Mar 2019 12:28:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=miracl-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id croZbUaSTE_G for <cfrg@ietfa.amsl.com>; Sun, 31 Mar 2019 12:28:48 -0700 (PDT)
Received: from mail-it1-x12c.google.com (mail-it1-x12c.google.com [IPv6:2607:f8b0:4864:20::12c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1072E120003 for <cfrg@irtf.org>; Sun, 31 Mar 2019 12:28:48 -0700 (PDT)
Received: by mail-it1-x12c.google.com with SMTP id m137so11443307ita.0 for <cfrg@irtf.org>; Sun, 31 Mar 2019 12:28:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=miracl-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=1GV6V16pf+WntKQbNw4iFDZViqwbEQOUvEX6Og3k0Mw=; b=SZYlQZy7x92vbGQiEwuHE2+2do93tv4SydWm2SyBTpJTQB/yNy02QdXnvsmlUOW4tb S0C+BAY2HeJqG+Dc5DAHEooDI4z6ncuee3hVK/oQeKelbkhbPKnwZb3uJUQjckOwJV7a QY135v7mIttqfPmocLCJYZe+XS1r25+ZUoVv8l9/cNVBR8stwDBMwqLawHeygLYo22Qz NBpWIRTn323f2Aczz/4+tk6fZjs3SRfRYJQiwMTrBNN3ImJgUS6UX8f/I7n349ah6rND DFxI7QuA3tOq3rhgZxPxlFLp4a+exQv3WEZPKJlB0hsH/PJWilLbpUwjKHRUm8gzwEAR C+qw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=1GV6V16pf+WntKQbNw4iFDZViqwbEQOUvEX6Og3k0Mw=; b=dKpWjZdQE2Dtz+chJU/komQsWA9ipX52tSF7huqRRtnR/pDix+JHsRcev7VyMGhBk1 h5Odc/bwJoPYtFZxyXGAxoqJdnfdk6vcb4HROTleVfMl7x3YYo1zJN/H293+P1bJzEa4 CoRD6+kEI2E+JI8gbjL3cgLqFPPunvA0i+hz1/ziPplduaPhTlaMPqiAYuDT0Bu94HQo 8LOSjIgfcHjKlVQTn9IBEsY8YsiWsz2ti5GXr77WuG9p5lGzDGmBuW5TdMYtF03IoAvV BrLb0lCshGBGk/HjOkDpKetL2/M+R0u9Op+MAVHHddHiwRTnOURgmEwzR3KYkfhCIvNF WEWw==
X-Gm-Message-State: APjAAAVHqvOuHEc8nNtk2ODnmUSxOHXvMDKz05bkuRCW+abzpLDxqg18 0zmDqn5IH9STLLZrQmbko/Yg3TSreMWRt4in4kazBF97PfA=
X-Google-Smtp-Source: APXvYqysiJw0mRO66kwfx32oY8ZKsFeUg3pHN2+2TWmKNDvjiblTMnyCBjccRCXY3JNoaxreHfGEjOrJ+Vba5RoNMes=
X-Received: by 2002:a24:8d03:: with SMTP id w3mr12238362itd.103.1554060526867; Sun, 31 Mar 2019 12:28:46 -0700 (PDT)
MIME-Version: 1.0
References: <155231848866.23086.9976784460361189399@ietfa.amsl.com> <737ea2b3-74e3-d02e-a44d-c44cca5db036@lepidum.co.jp> <CAEseHRrSiJ72tQepyTiL=pSBcRRLGXhnJyy_QzOubWax+v=Ntw@mail.gmail.com> <CAEseHRqh4d0VaeSaj4CWr_ZxJbbpm33ZaLF-aYGBjVowFNLFeQ@mail.gmail.com> <c57bbf7b-3177-eb64-a3c0-26842fccbb89@lepidum.co.jp> <CAEseHRrVomCo6KD7gidCRBzKJDzFZRQ+q0+PjfBr8tQT4dVpMQ@mail.gmail.com> <b016d1f6-68e4-9728-c738-ab72c593dfd1@lepidum.co.jp> <CAEseHRoLGFbf74HT9n2beryc9Liqf2Hz+_rh-yo6Q8hNqwCvNQ@mail.gmail.com> <17e2c039-3c20-21a6-0201-4278c988c060@lepidum.co.jp>
In-Reply-To: <17e2c039-3c20-21a6-0201-4278c988c060@lepidum.co.jp>
From: Michael Scott <mike.scott@miracl.com>
Date: Sun, 31 Mar 2019 20:28:44 +0100
Message-ID: <CAEseHRp0ALe9Wc9VCNNNwgF=jhgC7TTy=eZx60Mz8fJ-H6wCXA@mail.gmail.com>
To: CFRG <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="000000000000a9f689058568e937"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/zqSryImEw7-jzPxJHKSNU_AfIPo>
Subject: Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairing-friendly-curves-01.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2019 19:28:53 -0000
Hello Shoko, Thanks for previous clarifications. I am a bit puzzled by the proposed BN462 curve You chose the curve E:y^2=x^3+5 On the twisted curve you choose E':y^2=x^3-u+2 (and I am unclear where -u+2 came from) In the paper that first suggested the curve - https://eprint.iacr.org/2017/334.pdf the authors suggest E: y^2=x^3-4, and E': y^2=x^3-4(1+u) which seems simpler, and closer to the BLS381 approach I am attempting to implement these curves (and already have BLS381 done). Any help is much appreciated. Mike On Fri, Mar 29, 2019 at 10:03 AM Shoko YONEZAWA <yonezawa@lepidum.co.jp> wrote: > Hi Mike, > > This difference is probably caused by representation of an extension field. > We encoded the generator G' = (x', y') where x' = a'*u + b' and y' = > c'*u + d' by > > x' : a'*p + b' (in Z) and > y' : c'*p + d' (in Z), > > whereas zkcrypto encoded it like > > x' : a' || b' and > y' : c' || d'. > > We followed the convention shown in IEEE 1363a-2004. > > As you suggested, it is helpful to describe a',b',c',d' as well as x', y'. > We add these value in the next version. > > Thank you again, > Shoko > > On 2019/03/28 20:11, Michael Scott wrote: > > OK. However for the BL381 curve for example the G2 generator point does > not > > appear to be the same as the one given here... > > > > https://github.com/zkcrypto/pairing/tree/master/src/bls12_381 > > > > Also it would help if the individual components of x' and y' were > > highlighted. For example if x'=a'u+b' it would be useful to know were a' > > ends and b' begins. > > > > Also as in the above link it would I think be good practice to state > > exactly how the values for G1 and G2 were arrived at. > > > > Mike > > > > On Thu, Mar 28, 2019 at 7:27 AM Shoko YONEZAWA <yonezawa@lepidum.co.jp> > > wrote: > > > >> Hi Mike, > >> > >> Thank you again for the feedback. > >> > >> > It would be helpful for implementors to know if the curves support > an > >> > M-Type or D-Type twist. > >> > > >> > BLS381 and BN462 are both M-Type. BLS48_581 is D-Type. > >> > >> As the information for implementers, > >> we add the description of M-type or D-type for each curve. > >> > >> > Also I think a standard should also include a generator point for > G2 for > >> > interoperability, as well as for G1. For example an implementation > of > >> BLS > >> > short signature probably requires a generator in G2. > >> > >> The generator point for G2 is described as a base point G' = (x', y') > >> in our draft. > >> We revise the description for clarification. > >> > >> Best, > >> Shoko > >> > >> On 2019/03/21 0:48, Michael Scott wrote: > >>> A couple of further observations.. > >>> > >>> It would be helpful for implementors to know if the curves support an > >>> M-Type or D-Type twist. > >>> > >>> BLS381 and BN462 are both M-Type. BLS48_581 is D-Type. > >>> > >>> Also I think a standard should also include a generator point for G2 > for > >>> interoperability, as well as for G1. For example an implementation of > BLS > >>> short signature probably requires a generator in G2. > >>> > >>> Mike > >>> > >>> On Tue, Mar 19, 2019 at 3:39 AM Shoko YONEZAWA <yonezawa@lepidum.co.jp > > > >>> wrote: > >>> > >>>> Dear Mike, > >>>> > >>>> Thank you very much for your comments. > >>>> > >>>>> The suggested curves do not appear to meet the requirement for > subgroup > >>>>> security which is indicated as being a desirable property in section > >>>> 3.1 - > >>>>> “One has to choose parameters so that the cofactors of G_1, G_2 and > G_T > >>>>> contain no prime factors smaller than |G_1|, |G_2| and |G_T|”.. > >>>>> > >>>>> The case could be made that subgroup security is not so important, > but > >> if > >>>>> so the text in 3.1 should be modified to reflect this point of view. > >>>> > >>>> As you pointed out, we found that our suggested curves are not > >>>> subgroup-secure. > >>>> For standardization, we focus on the existing implementations as well > as > >>>> sufficient security. > >>>> We think it impractical to choose a completely new parameter and > >>>> implement it from now. > >>>> Therefore, we would like to recommend the current parameters we > >>>> described in the draft with modifying our description of subgroup > >> security. > >>>> > >>>> We are keeping watching the research activity and ready to change > >>>> parameters if a critical attack for pairing-friendly curves which > don't > >>>> meet subgroup security is found. > >>>> > >>>>> Another point – the BLS381 curve was chosen for a very particular > >> (albeit > >>>>> important) application where it is a requirement that r-1 has a > factor > >> of > >>>>> 2^m for a large value of m. Curves chosen with application-specific > >>>>> benefits should I suggest be considered carefully if proposed as more > >>>>> general purpose standards. Note that this particular application > >>>>> disadvantages BN curves, as due to the form of its formula for r, > this > >>>>> particular condition is much harder to achieve. > >>>> > >>>> We guess that BLS12-381 is chosen for the efficient computation of > their > >>>> zero-knowledge proof. Nonetheless, we think BLS12-381 has sufficient > >>>> performance for general purpose. > >>>> > >>>> Best regards, > >>>> Shoko > >>>> > >>>> On 2019/03/15 3:52, Michael Scott wrote: > >>>>> Another point.. > >>>>> > >>>>> For the BLS curves, the cofactor h in G_1 is calculated here as > >>>>> ((t-1)^2)/3, and this will work fine as a co-factor, where a random > >> point > >>>>> on the curve over the base field can be multiplied by this co-factor > to > >>>>> create a point of order r in G_1. But this co-factor is unnecessarily > >>>> large. > >>>>> > >>>>> The same can be achieved by using (t-1) as a co-factor, due to the > >>>>> structure of pairing friendly fields. This will be twice as fast. > >>>>> > >>>>> > >>>>> Mike > >>>>> > >>>>> > >>>>> However to > >>>>> > >>>>> On Thu, Mar 14, 2019 at 3:21 PM Michael Scott <mike.scott@miracl.com > > > >>>> wrote: > >>>>> > >>>>>> Hello, > >>>>>> > >>>>>> I greatly welcome this proposal, and would not want to slow its > >> progress > >>>>>> in any way. It is long overdue that pairing-friendly curves be > >>>>>> standardized, before unsuitable de-facto standards emerge, which may > >>>> not be > >>>>>> ideal, but which may nevertheless become widely deployed. > >>>>>> > >>>>>> However I make the following observations about the particular > curves > >>>>>> suggested. > >>>>>> > >>>>>> The suggested curves do not appear to meet the requirement for > >> subgroup > >>>>>> security which is indicated as being a desirable property in section > >>>> 3.1 - > >>>>>> “One has to choose parameters so that the cofactors of G_1, G_2 and > >> G_T > >>>>>> contain no prime factors smaller than |G_1|, |G_2| and |G_T|”. > >>>>>> > >>>>>> The case could be made that subgroup security is not so important, > but > >>>> if > >>>>>> so the text in 3.1 should be modified to reflect this point of view. > >>>>>> > >>>>>> The curve BN462 is not sub-group secure, as in G_T (p^4-p^2+1) /r > has > >>>>>> small factors of 2953, 5749 and 151639045476553 (amongst others). I > >>>> didn’t > >>>>>> check G_2. > >>>>>> > >>>>>> The curve BLS381 has the same problem, as (p^4-p^2+1) /r has small > >>>> factor > >>>>>> of 4513, 584529700689659162521 and more. Again I didn’t check G_2 > >>>>>> > >>>>>> The curve BLS48-581 has the same problem, as (p^4-p^2+1) /r has a > >> small > >>>>>> factor of 76369, and probably others. Again I didn’t check for G_2 > >>>>>> > >>>>>> The draft does point out that for BLS curves, when hashing to a > point > >> in > >>>>>> G_1, multiplication by a small co-factor h>1 will always be > necessary. > >>>>>> > >>>>>> In my opinion sub-group security in G_T is particularly important if > >> it > >>>> is > >>>>>> desirable to offload the pairing calculation to an untrusted server, > >>>> and so > >>>>>> it is a feature I would consider useful in a standard curve. In our > >>>>>> experience finding such curves is relatively easy (although finding > >>>> curves > >>>>>> that are sub-group secure in both G_2 and G_T is more > problematical).. > >>>>>> > >>>>>> Another point – the BLS381 curve was chosen for a very particular > >>>> (albeit > >>>>>> important) application where it is a requirement that r-1 has a > factor > >>>> of > >>>>>> 2^m for a large value of m. Curves chosen with application-specific > >>>>>> benefits should I suggest be considered carefully if proposed as > more > >>>>>> general purpose standards. Note that this particular application > >>>>>> disadvantages BN curves, as due to the form of its formula for r, > this > >>>>>> particular condition is much harder to achieve. > >>>>>> > >>>>>> > >>>>>> Mike > >>>>>> > >>>>>> On Wed, Mar 13, 2019 at 10:33 AM Shoko YONEZAWA < > >> yonezawa@lepidum.co.jp > >>>>> > >>>>>> wrote: > >>>>>> > >>>>>>> Hi there, > >>>>>>> > >>>>>>> Thank you for your comments to our pairing-friendly curve draft. > >>>>>>> We submitted a new version. > >>>>>>> > >>>>>>> According to Kenny's comments, > >>>>>>> we added the following description to the new version. > >>>>>>> > >>>>>>> - Pseudo-codes for pairing computation > >>>>>>> - Example parameters and test vectors of each curve > >>>>>>> > >>>>>>> We now published our working draft on GitHub, > >>>>>>> together with the BLS signature group. > >>>>>>> Please feel free to submit issues. Your comments are really > >>>> appreciated. > >>>>>>> > >>>>>>> https://github.com/pairingwg/pfc_standard/ > >>>>>>> > >>>>>>> Best, > >>>>>>> Shoko > >>>>>>> > >>>>>>> -------- Forwarded Message -------- > >>>>>>> Subject: I-D Action: draft-yonezawa-pairing-friendly-curves-01.txt > >>>>>>> Date: Mon, 11 Mar 2019 08:34:48 -0700 > >>>>>>> From: internet-drafts@ietf.org > >>>>>>> Reply-To: internet-drafts@ietf.org > >>>>>>> To: i-d-announce@ietf.org > >>>>>>> > >>>>>>> > >>>>>>> A New Internet-Draft is available from the on-line Internet-Drafts > >>>>>>> directories. > >>>>>>> > >>>>>>> > >>>>>>> Title : Pairing-Friendly Curves > >>>>>>> Authors : Shoko Yonezawa > >>>>>>> Sakae Chikara > >>>>>>> Tetsutaro Kobayashi > >>>>>>> Tsunekazu Saito > >>>>>>> Filename : > >>>> draft-yonezawa-pairing-friendly-curves-01.txt > >>>>>>> Pages : 28 > >>>>>>> Date : 2019-03-11 > >>>>>>> > >>>>>>> Abstract: > >>>>>>> This memo introduces pairing-friendly curves used for > >> constructing > >>>>>>> pairing-based cryptography. It describes recommended > >> parameters > >>>> for > >>>>>>> each security level and recent implementations of > >> pairing-friendly > >>>>>>> curves. > >>>>>>> > >>>>>>> > >>>>>>> The IETF datatracker status page for this draft is: > >>>>>>> > >>>> > >> > https://datatracker.ietf.org/doc/draft-yonezawa-pairing-friendly-curves/ > >>>>>>> > >>>>>>> There are also htmlized versions available at: > >>>>>>> > >> https://tools.ietf.org/html/draft-yonezawa-pairing-friendly-curves-01 > >>>>>>> > >>>>>>> > >>>> > >> > https://datatracker.ietf.org/doc/html/draft-yonezawa-pairing-friendly-curves-01 > >>>>>>> > >>>>>>> A diff from the previous version is available at: > >>>>>>> > >>>>>>> > >>>> > >> > https://www.ietf.org/rfcdiff?url2=draft-yonezawa-pairing-friendly-curves-01 > >>>>>>> > >>>>>>> > >>>>>>> Please note that it may take a couple of minutes from the time of > >>>>>>> submission > >>>>>>> until the htmlized version and diff are available at > tools.ietf.org.. > >>>>>>> > >>>>>>> Internet-Drafts are also available by anonymous FTP at: > >>>>>>> ftp://ftp.ietf.org/internet-drafts/ > >>>>>>> > >>>>>>> _______________________________________________ > >>>>>>> I-D-Announce mailing list > >>>>>>> I-D-Announce@ietf.org > >>>>>>> https://www.ietf.org/mailman/listinfo/i-d-announce > >>>>>>> Internet-Draft directories: http://www.ietf.org/shadow.html > >>>>>>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > >>>>>>> > >>>>>>> _______________________________________________ > >>>>>>> Cfrg mailing list > >>>>>>> Cfrg@irtf.org > >>>>>>> https://www.irtf.org/mailman/listinfo/cfrg > >>>>>>> > >>>>>> > >>>>> > >>>> > >>>> -- > >>>> Shoko YONEZAWA > >>>> Lepidum Co. Ltd. > >>>> yonezawa@lepidum.co.jp > >>>> TEL: +81-3-6276-5103 > >>>> > >>> > >>> > >>> _______________________________________________ > >>> Cfrg mailing list > >>> Cfrg@irtf.org > >>> https://www.irtf.org/mailman/listinfo/cfrg > >>> > >> > >> -- > >> Shoko YONEZAWA > >> Lepidum Co. Ltd. > >> yonezawa@lepidum.co.jp > >> TEL: +81-3-6276-5103 > >> > >> _______________________________________________ > >> Cfrg mailing list > >> Cfrg@irtf.org > >> https://www.irtf.org/mailman/listinfo/cfrg > >> > > > > > > _______________________________________________ > > Cfrg mailing list > > Cfrg@irtf.org > > https://www.irtf.org/mailman/listinfo/cfrg > > > > -- > Shoko YONEZAWA > Lepidum Co. Ltd. > yonezawa@lepidum.co.jp > TEL: +81-3-6276-5103 > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg >
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Marek Jankowski
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Michael Scott
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Shoko YONEZAWA
- [Cfrg] Fwd: I-D Action: draft-yonezawa-pairing-fr… Shoko YONEZAWA
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Michael Scott
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Michael Scott
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… David Wong
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Shoko YONEZAWA
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Shoko YONEZAWA
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Michael Scott
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Shoko YONEZAWA
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Shoko YONEZAWA
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Paterson Kenneth
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Michael Scott
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… John Mattsson
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Michael Scott
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Marek Jankowski
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Dan Brown
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… John Mattsson
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… denis bider
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Peter Gutmann
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Peter Gutmann
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Björn Haase
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Peter Gutmann
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Michael Scott
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… William Whyte
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Watson Ladd
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Watson Ladd
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… John Mattsson
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Damien Miller
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Peter Gutmann
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Ruslan Kiyanchuk
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… mcgrew
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Paterson Kenneth
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… mcgrew
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Peter Gutmann
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… A. Huelsing
- Re: [Cfrg] I-D Action: draft-yonezawa-pairing-fri… Paul Hoffman
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Salz, Rich
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Shoko YONEZAWA
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Shoko YONEZAWA
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Michael Scott
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Paterson Kenneth
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Michael Scott
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Shoko YONEZAWA
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Shoko YONEZAWA
- Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairin… Michael Scott