Re: [pkix] Edwards/DJB curves - New PKI(X) work?

[Stephen Farrell <stephen.farrell@cs.tcd.ie>]

On 18/08/14 19:20, Michael StJohns wrote:
> 
> I guess the question comes down to competencies.  I believe the CFRG
> competent to rule on the security of the math.  I would suggest that
> it may be outside CFRG's purview to be directing protocol
> representations.  But the CFRG is not set up to handle the wide
> participation necessary to discuss representational forms nor would I
> really want it to be.
> 
> So getting back to your point above - happy to have the CFRG pick the
> math.  But PKIX/TLS/IPSec et al should get a say in on-the-wire
> representation.  If we can keep those two separate in the decision
> process, I expect you'll have less dissent in later stages.

Sure. This isn't really that new though - algorithm RFCs tend
to be a little odd anyway in that they're often "imports" from
elsewhere, in this case the elsewhere is a bit closer (and new
curves are not quite the same as new algs). But in any case,
yes, we'll do the right thing.

That could be to separate the math and the on-the-wire stuff.
Or it may make more sense to keep those in one doc. In the
latter case we can make sure there's an IETF LC by simply
making it an IETF doc (as Steve K. mentioned in his mail).
Or it could be done by taking an experimental CFRG RFC and
putting that on the standards track via an IETF LC for that.
I doubt that latter would make sense but just note it to make
it clear we do have all the process tools to do whatever
ends up being needed.

That said, I do hope that we all take proper account of running
code where it exists and get involved in the discussion in the
right places at the right times so that this all doesn't take
twice as long as it needs to. (Sadly we're all quite good at
making that happen;-)

I suspect in practice it'd make most sense to get comments on
endianness etc around the time CFRG are finishing their work.
And then we can figure out process stuff so's it works out.

Cheers,
S.