Re: [Curdle] Which curves are MUST and SHOULD ?

"Salz, Rich" <rsalz@akamai.com> Tue, 15 December 2020 16:09 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Ron Frederick <ronf@timeheart.net>, "Mark D. Baushke" <mdb=40juniper.net@dmarc.ietf.org>
CC: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Curdle Mailing List <curdle@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>, Daniel Migault <mglt.ietf@gmail.com>
Date: Tue, 15 Dec 2020 16:09:13 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/SUcAE2cqqTGwWBCX120hlrWC0qU>

>    I’m not comfortable with algorithms going from REQUIRED to SHOULD NOT without some kind of transitional period. My suggestion would be to ease into this with SHOULD NOT for now. If you want to discuss BCP in this draft, perhaps that can be a separate section.

We've done it before, MD5, short RSA/DH keys, etc.

We shouldn't pretend that crypto-breaking advances haven't happened.

Admins can make trade-offs anyway.