IETF Logo Mail Archive

Re: [pkix] Edwards/DJB curves - New PKI(X) work?

Michael StJohns <mstjohns@comcast.net> Mon, 18 August 2014 18:20 UTC

Return-Path: <mstjohns@comcast.net>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25C551A0894 for <pkix@ietfa.amsl.com>; Mon, 18 Aug 2014 11:20:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.171
X-Spam-Level:
X-Spam-Status: No, score=-2.171 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, MISSING_MID=0.497, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jfFa8QKVPKkc for <pkix@ietfa.amsl.com>; Mon, 18 Aug 2014 11:20:53 -0700 (PDT)
Received: from qmta08.emeryville.ca.mail.comcast.net (qmta08.emeryville.ca.mail.comcast.net [IPv6:2001:558:fe2d:43:76:96:30:80]) by ietfa.amsl.com (Postfix) with ESMTP id E916C1A0747 for <pkix@ietf.org>; Mon, 18 Aug 2014 11:20:52 -0700 (PDT)
Received: from omta23.emeryville.ca.mail.comcast.net ([76.96.30.90]) by qmta08.emeryville.ca.mail.comcast.net with comcast id gDna1o0031wfjNsA8JLs45; Mon, 18 Aug 2014 18:20:52 +0000
Received: from Mike-T530ssd.comcast.net ([68.34.113.195]) by omta23.emeryville.ca.mail.comcast.net with comcast id gJLp1o00A4D0RQL8jJLrKV; Mon, 18 Aug 2014 18:20:52 +0000
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Mon, 18 Aug 2014 14:20:49 -0400
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Anders Rundgren <anders.rundgren.net@gmail.com>, pkix@ietf.org
From: Michael StJohns <mstjohns@comcast.net>
In-Reply-To: <53F20D4A.1060605@cs.tcd.ie>
References: <53EC3F1F.6090706@gmail.com> <53EC9E72.8030701@bbn.com> <53EC9F34.7090403@gmail.com> <53ECCCE4.2060603@secunet.com> <53ECDE4F.6020009@gmail.com> <53EDB8F3.3020400@secunet.com> <20140817032441.012621A0066@a.mx.secunet.com> <53F1BF84.6010504@secunet.com> <53F1E2C6.2040100@gmail.com> <53F1E562.1040208@cs.tcd.ie> <53F20C52.4010607@gmail.com> <53F20D4A.1060605@cs.tcd.ie>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1408386052; bh=mxv6Yf1V9rNUANOBtJl652dumhvS8q1D/+3/es4G4Fw=; h=Received:Received:Date:To:From:Subject:Mime-Version:Content-Type; b=io0EPjQiebfy6LErZVBBJCMo4ig96eMWNXjmvfublLMVmgu3bJrHJ8KbSQph5gZl4 qOTfZOZGl7KHUa6ugFoOFr7iuZWixn4yHjqZWlDh0WPDchyu825c+rnXJqx1xcV3lN PcVChXHWQgasKHPBIIZPK7gN5uI5t7ecKBcCnt5BuMavk/1hKztlJey8d9KSnEP/jm h/4/r+BJ7Wgyl62tHKuaCeae5YuJbLk19t6OuNUiL++4LYZ+J9gir/Ic8MvpcmY1LK UQ5/9BlpRJZY2p+KIWXXEdzaDc41J4+S/bVbmJJb3zQLbVwf/q88nnI6Jk9zAMyiD/ w5556sAJF8+FQ==
Archived-At: http://mailarchive.ietf.org/arch/msg/pkix/mLSbKZSieIGJ-tGUSaUscvzKpRA
Subject: Re: [pkix] Edwards/DJB curves - New PKI(X) work?
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Aug 2014 18:20:54 -0000
X-Message-ID:
Message-ID: <20140818182056.29536.86709.ARCHIVE@ietfa.amsl.com>

At 10:27 AM 8/18/2014, Stephen Farrell wrote:
>> 1. Creating external representations of Keys, Curves and Algorithms that
>>    can be reused by various standards in development or in need of a
>> "refresh".
>>    This is actually a bit urgent since the using systems are designed
>> *now*.
>
>I don't agree. Some of the CFRG discussion may touch on that
>so getting ahead of them here would be a bad idea. And CFRG
>have set themselves a target of getting back to the TLS WG
>before November, so I'd recommend a bit of patience for now,
>for this part of the puzzle.


There's at least two different things going on here - the possible selection of new curve/math/etc, and the representational aspects of those choices.  I've been commenting on/arguing about draft-turner-thecurve25519function with the authors and realized during that interaction that our process is really rather poorly set up to deal with these two items appropriately.

For example, the math in draft-turner... has no dependency at all on endianess (pretty much every element of the system is a bignum integer), but there are about 5-8 lines that state an absolute requirement that the representation of those elements when externalized be little endian.  Indeed, there have already been several arguments about representation of Curve25519 elements on the TLS mailing list and elsewhere.    I'm somewhat disturbed that this non-WG, non-IETF, CFRG draft could end up setting (or strait jacketing) representations for all IETF protocols without input from those involved in the protocol formation.

I guess the question comes down to competencies.  I believe the CFRG competent to rule on the security of the math.  I would suggest that it may be outside CFRG's purview to be directing protocol representations.  But the CFRG is not set up to handle the wide participation necessary to discuss representational forms nor would I really want it to be. 

So getting back to your point above - happy to have the CFRG pick the math.  But PKIX/TLS/IPSec et al should get a say in on-the-wire representation.  If we can keep those two separate in the decision process, I expect you'll have less dissent in later stages.

Mike

v2.23.0 | Report a Bug | By Email