Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc6637.
Gregory Maxwell <gmaxwell@gmail.com> Fri, 18 October 2013 07:57 UTC
Return-Path: <gmaxwell@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDBFC21F9F1B for <openpgp@ietfa.amsl.com>; Fri, 18 Oct 2013 00:57:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k1e+dvlpDLgA for <openpgp@ietfa.amsl.com>; Fri, 18 Oct 2013 00:57:31 -0700 (PDT)
Received: from mail-la0-x233.google.com (mail-la0-x233.google.com [IPv6:2a00:1450:4010:c03::233]) by ietfa.amsl.com (Postfix) with ESMTP id 148F321F9F5B for <openpgp@ietf.org>; Fri, 18 Oct 2013 00:57:26 -0700 (PDT)
Received: by mail-la0-f51.google.com with SMTP id hp15so366731lab.38 for <openpgp@ietf.org>; Fri, 18 Oct 2013 00:57:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=H/K1FCk/DTzSYVP6tYYRs3NpkA2Qd8OyuX9syaTei/k=; b=rmPs4OrPfDrN1lfrpGh5SOGK1tBOV+YS2lslo+I8ufVKg3LnQI1GKkIcellx85vaaU 2qqYUOe0VDG/fGv6axGrdrUdHCcf1AgPWGzfFIcY7sdGVrPX6y2ZBVVEUwigEbbUXTmi qeNUztYYrcvSi9N0qPuj+PekgTK4aaAnk0nQxSGhnFbxLfssqNNPDDXulreyhVbx40X+ zIw7HtKitMcHu4ofgElHzGV8aY+KrPl8J3DkvwmOmQ/1sbCBstbtHM8h4El1k6Ainutn HTRV/M55etqpztM3t4MiSJalv4GBZnD/4hkcOqhy4dr3EjeaSrtxcNcCr5UMgpdE/4Yf SsBA==
MIME-Version: 1.0
X-Received: by 10.112.138.37 with SMTP id qn5mr123461lbb.52.1382083045788; Fri, 18 Oct 2013 00:57:25 -0700 (PDT)
Received: by 10.112.89.72 with HTTP; Fri, 18 Oct 2013 00:57:25 -0700 (PDT)
In-Reply-To: <87iowvghx3.fsf@vigenere.g10code.de>
References: <CAAS2fgRG2AbZsz_4aF33Pd167M4-6=-73WAAgxTAjLMdoGNLeQ@mail.gmail.com> <CBE39208-C436-4145-A645-10380145F200@callas.org> <87iowvghx3.fsf@vigenere.g10code.de>
Date: Fri, 18 Oct 2013 00:57:25 -0700
Message-ID: <CAAS2fgS+Z_OmCzavCsSubQi3oaX-gUt9uv6Uio-rA-wpszF5Wg@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Werner Koch <wk@gnupg.org>
Content-Type: text/plain; charset="UTF-8"
Cc: openpgp@ietf.org, Jon Callas <jon@callas.org>
Subject: Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc6637.
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Oct 2013 07:57:32 -0000
On Fri, Oct 18, 2013 at 12:24 AM, Werner Koch <wk@gnupg.org> wrote: > This is a minor drawback because introducing this > latter would still allow to keep on using the same keys. Beyond the obvious doubling the size of the keys for no increase in security (and that implementers often make mistakes and do things like fail to validate the points, which I guess isn't an issue for ed25519 as it is twist secure), it would make it gratuitously incompatible all the existing (esp fast constant time code) implementations which work on the X coordinate alone. Thats unfortunate, if not the end of the world.
- [openpgp] Curve3617 in OpenPGP? Beyond rfc6637. Gregory Maxwell
- Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc663… Jon Callas
- Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc663… Gregory Maxwell
- Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc663… Werner Koch
- Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc663… Gregory Maxwell
- Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc663… Werner Koch
- Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc663… Gregory Maxwell
- Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc663… ianG
- Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc663… Andrey Jivsov
- Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc663… Werner Koch