Re: [pkix] Updated elliptic curve drafts
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 27 November 2015 22:19 UTC
On Fri, Oct 16, 2015 at 4:05 AM, Simon Josefsson <simon@josefsson.org> wrote:

> > I strongly oppose any new crypto that does not include a fix for the
> > ephemeral keygen.
>
> How is that concern relevant for a new PKIX signature/publickey
> algorithm? I would assume this is relevant for TLS, OpenPGP, CMS, or
> other higher level protocols, but I don't follow how anything could be
> done at the PKIX level to help here. Can you elaborate please?

It is quite straightforward. Any time you introduce a backwards incompatible change, you should look to fix any outstanding errors in the protocol.

The design of the existing ephemeral key scheme is broken. Introducing an ephemeral secret should not reduce security, the security of the key should never fall below the security of the static secret even if the ephemeral is broken.

Given the number of modes that TLS/1.3 has and given the probability that it is going to change, what I am looking for is confirmation that the principle is accepted and understood.