Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc6637.

Gregory Maxwell <gmaxwell@gmail.com> Fri, 18 October 2013 07:57 UTC

Return-Path: <gmaxwell@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDBFC21F9F1B for <openpgp@ietfa.amsl.com>; Fri, 18 Oct 2013 00:57:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k1e+dvlpDLgA for <openpgp@ietfa.amsl.com>; Fri, 18 Oct 2013 00:57:31 -0700 (PDT)
Received: from mail-la0-x233.google.com (mail-la0-x233.google.com [IPv6:2a00:1450:4010:c03::233]) by ietfa.amsl.com (Postfix) with ESMTP id 148F321F9F5B for <openpgp@ietf.org>; Fri, 18 Oct 2013 00:57:26 -0700 (PDT)
Received: by mail-la0-f51.google.com with SMTP id hp15so366731lab.38 for <openpgp@ietf.org>; Fri, 18 Oct 2013 00:57:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=H/K1FCk/DTzSYVP6tYYRs3NpkA2Qd8OyuX9syaTei/k=; b=rmPs4OrPfDrN1lfrpGh5SOGK1tBOV+YS2lslo+I8ufVKg3LnQI1GKkIcellx85vaaU 2qqYUOe0VDG/fGv6axGrdrUdHCcf1AgPWGzfFIcY7sdGVrPX6y2ZBVVEUwigEbbUXTmi qeNUztYYrcvSi9N0qPuj+PekgTK4aaAnk0nQxSGhnFbxLfssqNNPDDXulreyhVbx40X+ zIw7HtKitMcHu4ofgElHzGV8aY+KrPl8J3DkvwmOmQ/1sbCBstbtHM8h4El1k6Ainutn HTRV/M55etqpztM3t4MiSJalv4GBZnD/4hkcOqhy4dr3EjeaSrtxcNcCr5UMgpdE/4Yf SsBA==
MIME-Version: 1.0
X-Received: by 10.112.138.37 with SMTP id qn5mr123461lbb.52.1382083045788; Fri, 18 Oct 2013 00:57:25 -0700 (PDT)
Received: by 10.112.89.72 with HTTP; Fri, 18 Oct 2013 00:57:25 -0700 (PDT)
In-Reply-To: <87iowvghx3.fsf@vigenere.g10code.de>
References: <CAAS2fgRG2AbZsz_4aF33Pd167M4-6=-73WAAgxTAjLMdoGNLeQ@mail.gmail.com> <CBE39208-C436-4145-A645-10380145F200@callas.org> <87iowvghx3.fsf@vigenere.g10code.de>
Date: Fri, 18 Oct 2013 00:57:25 -0700
Message-ID: <CAAS2fgS+Z_OmCzavCsSubQi3oaX-gUt9uv6Uio-rA-wpszF5Wg@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Werner Koch <wk@gnupg.org>
Content-Type: text/plain; charset=UTF-8
Cc: openpgp@ietf.org, Jon Callas <jon@callas.org>
Subject: Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc6637.
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Oct 2013 07:57:32 -0000

On Fri, Oct 18, 2013 at 12:24 AM, Werner Koch <wk@gnupg.org>; wrote:
> This is a minor drawback because introducing this
> latter would still allow to keep on using the same keys.

Beyond the obvious doubling the size of the keys for no increase in
security (and that implementers often make mistakes and do things like
fail to validate the points, which I guess isn't an issue for ed25519
as it is twist secure), it would make it gratuitously incompatible all
the existing (esp fast constant time code) implementations which work
on the X coordinate alone.

Thats unfortunate, if not the end of the world.