[saag] Re: The curve mess, and lessons for more crypto
John Mattsson <john.mattsson@ericsson.com> Mon, 09 September 2024 12:41 UTC
List-Id: Security Area Advisory Group <saag.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/oiaa-j-vfLut_HDBW-wGuC60ixQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag>

Michael Richardson wrote:
>I also think that we shouldn't elevate NIST to a position above other national standards bodies.

We definitely should not. Doing so severely hurts the view of IETF as a global SDO. That said I think there are very different types of comments when referring to NIST:

1. IETF should not specify use of NTRU Prime as NIST is soon producing an open-access specification of the superior ML-KEM.
2. IETF should not use the superior X25519, Argon2, Adiantum etc. as NIST only allows P-256, PBKDF2, XTS-AES.

I strongly agree with 1 but I think comments like 2 should be ignored.

Watson Ladd wrote:
>For the past 9 years we've all tried to forget the fiasco

I don't know about the process, but the outcome was definitely not a fiasco. RFC 7748 and 8032 have seen use in TLS, 5G, IPsec, etc. much/none of that would not have happened without a CFRG specification. My company is fine with a NIST or CFRG open-access specification, but would very likely not have used Curve25519 or X448 without a CFRG specification.

Watson Ladd wrote:
>Therefore we should avoid having contests

I agree, contests lead to very little collaboration and a lot of people are sore losers.

Stephen Farrell wrote:
>FWIW, I definitely do think the IETF ought document reality when that reality is widespread use of some credible cryptographic scheme, e.g. for SSH.

To some degree, but SSH is a weird case. SSH is an IETF standard but SSH companies are driving almost everything outside of the IETF. You can't have your cake and eat it too. Either discussions should happen in the IETF or SSH should no longer be an IETF standard. Right now IETF is giving prestige to a protocol that more and more is a proprietary protocol developed outside of the IETF.

Cheers,
John