IETF Logo Mail Archive

Re: [pkix] Edwards/DJB curves - New PKI(X) work?

Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 14 August 2014 16:05 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A62F1A0832 for <pkix@ietfa.amsl.com>; Thu, 14 Aug 2014 09:05:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lEUip_cAANcA for <pkix@ietfa.amsl.com>; Thu, 14 Aug 2014 09:05:51 -0700 (PDT)
Received: from mail-wi0-x22c.google.com (mail-wi0-x22c.google.com [IPv6:2a00:1450:400c:c05::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5129B1A082B for <pkix@ietf.org>; Thu, 14 Aug 2014 09:05:51 -0700 (PDT)
Received: by mail-wi0-f172.google.com with SMTP id n3so9170830wiv.11 for <pkix@ietf.org>; Thu, 14 Aug 2014 09:05:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=Y6hqjGtA7PQAiOA524o0kU2wT0L5YUNF4nhI1baZprQ=; b=H2IGeY2X1ayVQwxS4Fi6APLlYfrKVdyMYUln8G5YSA6ukqN29J8kGbhaUs0s/vai0P dawmwhsNBUd7Qdx4HUkJuTEvyD66k+M5Q3qyQlptNk4Scj4FRU33t2nS9MptQTD4XS3N 9uCn5AmTgsOBkDZCdAi1tijNTUGFa2jNN8XBHZFL6L+KWEVMtzfZHJzTHLLIUhbS0yJr ofkLiVq7BvWjODCC6NrBRgDDev5b6wWe4EV85A7r/fnOgv9q6vmDLnN4piRWVpwtFSXY 3pFmjjgIyiNLB88hUdIpglmtroE36j/VKJO0G0cwzIUym+Unb9L5k7+m6/roIUvgWTdw Vd8Q==
X-Received: by 10.180.24.35 with SMTP id r3mr13242793wif.71.1408032349147; Thu, 14 Aug 2014 09:05:49 -0700 (PDT)
Received: from [192.168.1.79] (6.196.130.77.rev.sfr.net. [77.130.196.6]) by mx.google.com with ESMTPSA id jx10sm12338683wjc.7.2014.08.14.09.05.48 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 14 Aug 2014 09:05:48 -0700 (PDT)
Message-ID: <53ECDE4F.6020009@gmail.com>
Date: Thu, 14 Aug 2014 18:05:35 +0200
From: Anders Rundgren <anders.rundgren.net@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Johannes Merkle <johannes.merkle@secunet.com>, pkix@ietf.org
References: <53EC3F1F.6090706@gmail.com> <53EC9E72.8030701@bbn.com> <53EC9F34.7090403@gmail.com> <53ECCCE4.2060603@secunet.com>
In-Reply-To: <53ECCCE4.2060603@secunet.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/pkix/eY4zqZgAsXvpOW3FODLus21Xws0
Subject: Re: [pkix] Edwards/DJB curves - New PKI(X) work?
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Aug 2014 16:05:53 -0000

On 2014-08-14 16:51, Johannes Merkle wrote:
> Anders Rundgren wrote on 14.08.2014 13:36:
>> But the inclusion of new algorithms in X.509 structures sounds
>> like a PKI(X)-like task.
>>
>
> Well, "new algorithms" is not exactly the right term for introducing a new curve representation; it's rather a new
> semantic of public keys, digital signatures and cryptograms. (There are some people on the CFRG advocating
> standardization of simplified ECC-based signature algorithms, like Schnorr signatures, but currently, the discussion
> focuses on curves and their representation.) But essentially, you are right: if we want to use new semantics in PKIX,
> new specs for X.509 certs / CRLs, for CMS etc. would be needed.

I'm not a cryptographer you know :-)

Anyway, wouldn't you need algorithms also like EdDSA-SHA256 or would ECDSA-SHA256 apply?
Again, pardon a non-cryptographer for asking stupid/strange questions...

Anders

>
> However, it is yet too early for action. It is not yet clear, what exactly CFRG recommends to the tls WG. Even if
> Montgomery curves or Edwards curves are chosen, there is still the option of using traditional (Weierstrass)
> representation / semantic on-the-wire, as transformation is quite simple. See
> https://www.ietf.org/mail-archive/web/cfrg/current/msg04816.html
>
> Johannes
>

v2.23.0 | Report a Bug | By Email