Re: WG Review: CURves, Deprecating and a Little more Encryption (curdle)
tom p. <daedulus@btconnect.com> Wed, 09 December 2015 17:20 UTC
Return-Path: <daedulus@btconnect.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6DB01A0120 for <ietf@ietfa.amsl.com>; Wed, 9 Dec 2015 09:20:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H7drXjzaSXn9 for <ietf@ietfa.amsl.com>; Wed, 9 Dec 2015 09:20:11 -0800 (PST)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0709.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::709]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5A8E1A0104 for <ietf@ietf.org>; Wed, 9 Dec 2015 09:20:10 -0800 (PST)
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=daedulus@btconnect.com;
Received: from pc6 (86.185.87.133) by AM2PR07MB0515.eurprd07.prod.outlook.com (10.160.31.20) with Microsoft SMTP Server (TLS) id 15.1.337.19; Wed, 9 Dec 2015 17:19:51 +0000
Message-ID: <00ba01d132a5$8f6af880$4001a8c0@gateway.2wire.net>
From: "tom p." <daedulus@btconnect.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
References: <20151204170507.5160.44472.idtracker@ietfa.amsl.com><56656C43.5070501@alvestrand.no><56656DD2.9010609@cs.tcd.ie><029801d13270$30c68ea0$4001a8c0@gateway.2wire.net> <CAMm+LwhsjsbxOWTCHhh450ORxp8itLf=-3+CUDd7NXSUxm=BWg@mail.gmail.com>
Subject: Re: WG Review: CURves, Deprecating and a Little more Encryption (curdle)
Date: Wed, 09 Dec 2015 17:08:15 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Originating-IP: [86.185.87.133]
X-ClientProxiedBy: DBXPR04CA0036.eurprd04.prod.outlook.com (10.141.8.164) To AM2PR07MB0515.eurprd07.prod.outlook.com (25.160.31.20)
X-Microsoft-Exchange-Diagnostics: 1; AM2PR07MB0515; 2:xHY9699DJiDWHFFyuuxzwrrx06lqAXz+gsZwpfLIooa19XdKotw2qVnewxDPdwcSRUcYZgfLPpXTkDZo1siMxJOeuJP08Suzs/HEXx18VrfflAoB1ZETnPXxLYIoQJxyHOyoONLAwJQYL6KXXl+3Fw==; 3:6JLdSbDWNxp22g6wcy240TMzW8oJOl4N3rfveFICENuhi87qN4E3EGr6kL6GO03s1cb9n0ltxSCLvkbxKdUzV+oBrjO4yzraWvl7J83LrNPC7xeqgqqh9tY/iFLiP+kh; 25:OamY/hr1gwu9tCravEAgjAoLNIc9lFBcWcBF/BtoCV2D72Am+g/nqUxEju6Yld3Yci2Ee8dwSbwxfvuI+7FJ8Yx/T0v+Bwp1Y/abVh536uKY0nx6zGZZazWsOn9mrnGGyJ6trTOP4T0NNva6j0wgHIABo1hHDA4f8HLUxCgY8EZ5neYLgjHw4Jm8+lRZlwZ3P6Cec8L9LnNL3vgjLM069qB/pR+31Rl9HriS+LMufFRYujb7Jy82iQWwcGxEK+z5CMJ+x3uRasXUmEQmd5T5QA==
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:AM2PR07MB0515;
X-Microsoft-Antispam-PRVS: <AM2PR07MB0515059C3FE84A38C617437DC6E80@AM2PR07MB0515.eurprd07.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(32856632585715)(178726229863574);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(520078)(3002001)(10201501046); SRVR:AM2PR07MB0515; BCL:0; PCL:0; RULEID:; SRVR:AM2PR07MB0515;
X-Microsoft-Exchange-Diagnostics: 1; AM2PR07MB0515; 4:0TOKO4gSAw7otTgS61iMKZDYbjB2dYOQqNoIKxJAkBy13RNYZRgVZXqOMkv1C7WtdMAIPpKvnnsTHwXGR+WmcvdcUFegywlldq4Sfcwy2WN6fUh/EjCD07993lBJ99RgAHGn45vJJK5GJStlDk/KlXBZ+pj8hlgySslp1D3dJRly7CmKhMtONok9G52Nvj3NXPV/qt5fUmYX5dtNaZaeRWDP9J5IRow3bVQCAUerkWPigkBtIE1cm4ToGcK/oM1L99gPVqWZwHS/rNxtQ6BHh+0aYCWbpiL1dzzIYvEl0TJy+CqOrU4ETDAm7RxDgGWuWWpdpQ3K6VxNPljfIdP4ZFNt+Sw7EJssEYBs15ZNzIdiTKRe+IfxFLknKZRdbTDOuD4rg3ZZ8Sb2zK8y02tOxpYc4D8ti5NW7KtLbypG7lBmewWhTeJAP9Rq9GAUh+2IUgb1m/0ThGjCWIRjA4ZW/g==
X-Forefront-PRVS: 0785459C39
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(6009001)(479174004)(377454003)(199003)(189002)(13464003)(24454002)(110136002)(92566002)(14496001)(122386002)(97736004)(93886004)(81156007)(561944003)(5001960100002)(66066001)(81686999)(116806002)(189998001)(84392001)(230700001)(87976001)(47776003)(86362001)(40100003)(76176999)(50226001)(101416001)(19580395003)(44736004)(106356001)(5004730100002)(586003)(50466002)(19580405001)(1556002)(61296003)(23676002)(42186005)(77096005)(50986999)(33646002)(62236002)(1096002)(44716002)(3846002)(5008740100001)(105586002)(1456003)(81816999)(6116002)(74416001)(7726001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM2PR07MB0515; H:pc6; FPR:; SPF:None; PTR:InfoNoRecords; A:0; MX:1; LANG:en;
Received-SPF: None (protection.outlook.com: btconnect.com does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1;AM2PR07MB0515;23:4wDpW9SCwBUrSixGcLYfH/n5rVO/W/ZB2NVWh5BVtPSph8D8jtrkrIO4BjMGy/+MYOjwgQihpACaHV3LZ6dWegWHIejF0gv3p8b2zc7p9/5kHc/0i4XsOjYLiCdoDrwQ5I5zXgEpTUR7XaDhk3a/aqUPSO1uOpoeT/PZJxkufYHAmMcisGkxGabEPKJbgu5WWtk/Cg6IY7FVcS6psg7wmgnpL+wdGxoiuzM5PcTaexqv3rPo4Wcn7J9Yu7QBwG0P9zKKkUahXpZwVDpQ06/TObVKdhDxlLcWqPucsNVw5dzOh00TpDEskP2vuscFUFs5MhDEEv/qextdH/MgywM95Lw4/DpwIkcJyClgOQxToppKFLnLzBBytqH372E5Im1WiYAErg5M8Sy1Y9D3lfWbFXWvwwYLNbHYuEh7dkTLuPy2os7h77LR7YPyI/oJ6YcaY0qGttq3D+8kwhh2zPNL1yzL58m2BmFmC4NABmwUFIZHJIvgp5SrBCKmTS6FmbT308zxfwkGDkT88MJ7EEqdWSoXnlOabmSNaO8+dVR6ueYFGe6SaZ6834Nk2FPwucmM2/bZu1kMC/JeACOpHpoIhhPN9Qf1+Z2Bwoua2mPNJUwTgUR//i71wwPvw+eWxRpY+aFIYq98yInY/7OFEmHt+gR8tER/1ViVlpkYdGt0UcnQUZcwB2QEl55UxyKOOjgB5+d6s1i+HPxZuQZTpZ9aA/UqlGTPpNQqqNvDMt/GJocKl4/uRXU63yzkU3CLNT9/ghewnHcmxnGQuCAVaMzagES/s0ld3O/V90EdZLpTJTWq27EwRl74IcFYK6ibJv8215ZisQN0zcNQi0EObZWt5U+NxToVT7OPJwF/aiGbH+h5Jh6ScoI2UcN2PcuNp0AhaKTwV0ZYvFBG3tTTR5Fw2X1HsTggcuk+4wCbpqftx3DKIdcNPdwR3gF+mZpzwy75mmkYWQ1YpLkrGT+8NvGgEpw1nEZ4FcWejIPn+tMgFblzk720aMippysmO20VNjTkVawmLbEPtnQztXcuOpqsZWElH1ggKiffpIZLYsHDLlz2wMcJeTyQxUsw3gHCY9wO2cT/hKdOmJdq4R3G/4QWmAZWN3l9sd/apOAbluF5tn4Ax4sk+W57LDK+CfMlQpEHYy+y/43P5WwPiz6mJkxsQKrJ9KzeBMJ56hgdSSLtHGv2WgfEk1aNZuMlHDkoNKNGx0CQjpAFeQgftTJxcpX8mL2X8nAuZU0e74y4G1Z8XjDiz4CHn6K0SwVUGDK2HVrzzaUvy2DyMHCGW5KY11d3PWYuriDlvQbQ4RyXv3HU9B/4/goFOJIkztweFYmZ8bdf9iJ6I/ZxZwdVXDSc850iGA==
X-Microsoft-Exchange-Diagnostics: 1; AM2PR07MB0515; 5:ldz7S7XA3VMVsN4ZlbBeO9lrkUZovUHdcodxbrrvBrtm9wHR+ySq8dOgg92GCoSQ2R0a0tjmGZPQO6Y2f4Ked42do73z1i7qbR7ASp2d+pAfzGX1/Vp9AUAkOuxQazmM/1ke6DnCz28rlMMwNPl4SQ==; 24:Yo1ER8gwjupZwvYyarZqHjTmZHt7296VqRtuovZ2SY8FWOrd1BTmO3/px3G7HZ4mP9XPXxSlIA13JyLkFr45AcPfIGacXu2wjS//wYWSzaw=
SpamDiagnosticOutput: 1:23
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Dec 2015 17:19:51.4419 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM2PR07MB0515
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/JOOO4Lwn-GR1E-7S5AGthyKWuR0>
Cc: Harald Alvestrand <harald@alvestrand.no>, IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2015 17:20:21 -0000
----- Original Message ----- From: "Phillip Hallam-Baker" <phill@hallambaker.com> To: "tom p." <daedulus@btconnect.com> Cc: "Harald Alvestrand" <harald@alvestrand.no>; "IETF Discussion Mailing List" <ietf@ietf.org>; "Stephen Farrell" <stephen.farrell@cs.tcd.ie> Sent: Wednesday, December 09, 2015 2:28 PM > On Wed, Dec 9, 2015 at 5:43 AM, tom p. <daedulus@btconnect.com> wrote: > > > ----- Original Message ----- > > From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie> > > To: "Harald Alvestrand" <harald@alvestrand.no>; <ietf@ietf.org> > > Sent: Monday, December 07, 2015 11:30 AM > > > > > > Hiya, > > > > > > On 07/12/15 11:23, Harald Alvestrand wrote: > > > > I think there's a piece of backstory here I'm not getting.... > > > > > > > > Den 04. des. 2015 18:05, skrev The IESG: > > > >> The protocols in scope are Secure Shell (SSH), DNSSEC, PKIX, CMS, > > XML > > > >> Digital Signatures and potentially Kerberos and JSON. > > > > > > > > Why is TLS not included? > > > > > > > > It seems likely that the answer is one of: > > > > > > > > 1) TLS is already up-to-date in the space this group is limited to > > > > 2) TLS work is being done in the TLS working group > > > > > > The latter, and a bit of the former:-) > > > > There is also an active SSH list (albeit only about 5 message p.d. > > lately which would barely be noticed on the TLS list:-( and Simon has > > posted a message to the curdle list identifying some of that work; and > > you yourself have posted to it so you know about it! > > > > Conversely, I do not see most of those active on the SSH yet taking part > > in curdle (nor do I see any mention of curdle on the SSH list). > > > > Setting up this WG to look at SSH would seem divisive and unlikely to > > gain any meaningful momentum. > > > > I do think that the Security Area should be reaching out far more to > > other areas to pro-actively provide guidance but do not think that this > > proposal has got it quite right. > > I don't think anything can be read into the lack of mention of CURDLE to > date. Even I wasn't aware of the proposed WG and it is something I have > proposed at least once a year for the past five. All the lack of discussion > shows is that the people weren't part of whatever discussions happened at > Yokohama. Quite probably they didn't attend which is probably the reason I > didn't find out. > > It is rather strange you would suggest that a proposal to establish > consistent support for a set of algorithms across all the active IETF > security protocols is 'divisive'. This is an engineering organization with > a mission, not a social club and our mission is to serve the users of the > Internet, not ourselves. Phillip By divisive, I mean that the expertise, the knowledge, the skills will be divided. I see the SSH list as the best source of information on SSH, its use and development. Setting up another list to discuss such matters will divide that expertise; some will join the new list, others will not - the expertise will be divided and so weakened. Tom Petch > From the point of view of a SSH user, what I care about is that the > algorithm choices are secure and wherever possible consistent with the > choices made elsewhere. I really don't care what they are but I do care > that they are exactly the same everywhere. Because that is what standards > are all about. > > Standards are a set of choices that don't matter. If the choice of SMTP > choice mattered to the end user then the end user would need to make the > choice. The reason we can tell everyone it is 25 is precisely the fact that > all that matters is that someone chooses. > > A protocol Working Group is the wrong place to choose crypto algorithms. > The IETF doesn't have permanent Working Groups for a start. If the plan is > to have a WG do a piece of work and shut down in 24 months, it can't have > the job of maintaining crypto. > > The bigger problem is that a WG has less of a voice than the IETF as a > whole and that matters when it comes to influencing platform providers. At > the moment, nobody implements CFRG signature and there are many toolkits > that don't do AES-GCM. Most toolkits are actually written to support one > specific application and then repurposed. So the set of algorithms you can > use is effectively the intersection of TLS and PGP. > > Having one set of crypto that every IETF protocol uses means that we can > tell the platform developers what we want and be very likely to get it. > This is the way to bring the long threads on GitHub on choices of new > algorithms to be supported in .NET Core to a conclusion. > > The risk of setting up a WG like CURDLE is that it becomes a forum for > choosing between people's new and (they think) wonderful crypto algorithms. > Which is why every time I have suggested choosing algorithms from the set > already in use. The scope should certainly be expanded to include SHA3 but > needs to be restrictive because otherwise the effort will become a forum > for custom crypto. >
- Re: WG Review: CURves, Deprecating and a Little m… Harald Alvestrand
- Re: WG Review: CURves, Deprecating and a Little m… Stephen Farrell
- Re: WG Review: CURves, Deprecating and a Little m… Phillip Hallam-Baker
- Re: WG Review: CURves, Deprecating and a Little m… Stephen Farrell
- Re: WG Review: CURves, Deprecating and a Little m… Phillip Hallam-Baker
- Re: WG Review: CURves, Deprecating and a Little m… Donald Eastlake
- Re: WG Review: CURves, Deprecating and a Little m… Stephen Farrell
- Re: WG Review: CURves, Deprecating and a Little m… tom p.
- Re: WG Review: CURves, Deprecating and a Little m… Stephen Farrell
- Re: WG Review: CURves, Deprecating and a Little m… Phillip Hallam-Baker
- Re: WG Review: CURves, Deprecating and a Little m… tom p.
- Re: WG Review: CURves, Deprecating and a Little m… tom p.
- Re: WG Review: CURves, Deprecating and a Little m… Phillip Hallam-Baker
- Re: WG Review: CURves, Deprecating and a Little m… David Morris
- Re: WG Review: CURves, Deprecating and a Little m… Warren Kumari
- Re: WG Review: CURves, Deprecating and a Little m… Phillip Hallam-Baker