IETF Logo Mail Archive

Re: [Sidrops] Signed Object signed with Ed25519 (RFC 8419 proof-of-concept)

Russ Housley <housley@vigilsec.com> Tue, 05 September 2023 14:22 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7513FC1516E3 for <sidrops@ietfa.amsl.com>; Tue, 5 Sep 2023 07:22:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.908
X-Spam-Level:
X-Spam-Status: No, score=-6.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LsmjyWYqlhIJ for <sidrops@ietfa.amsl.com>; Tue, 5 Sep 2023 07:22:08 -0700 (PDT)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1022C151557 for <sidrops@ietf.org>; Tue, 5 Sep 2023 07:22:08 -0700 (PDT)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id CEB75147A86; Tue, 5 Sep 2023 10:22:07 -0400 (EDT)
Received: from smtpclient.apple (unknown [96.241.2.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id BB7BF147470; Tue, 5 Sep 2023 10:22:07 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <ZPYCTXx5NUZB2hI4@snel>
Date: Tue, 05 Sep 2023 10:21:57 -0400
Cc: sidrops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <DB3B279F-4A86-4E5F-BB98-8688B3753371@vigilsec.com>
References: <ZPS/VK+6Q8a4dHgA@snel> <C61DCBC1-E2E5-4A70-A980-687BAFEDCD8B@ripe.net> <ZPW+682GaAFXymLo@snel> <B74CB6F2-F299-4750-A412-2EEADD0CCFA5@vigilsec.com> <ZPYCTXx5NUZB2hI4@snel>
To: Job Snijders <job=40fastly.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3731.700.6)
X-Scanned-By: mailmunge 3.11 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/K--0O_IOKRiYZRvVyY_Urt32sHs>
Subject: Re: [Sidrops] Signed Object signed with Ed25519 (RFC 8419 proof-of-concept)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Sep 2023 14:22:12 -0000

Job:

secp256r1 curve is also referred to as prime256v1 and P-256.  Personally, I think P-256 is easier to remember.  The NIST Prime Curves are used in many, many places.

I do not know of anyone that is using the NIST Koblitz Curves.  NIST SP 800-186, Section 3.3 says:

> This section specifies elliptic curves over binary fields where each curve takes the form of a
> curve in short-Weierstrass form and is either a Koblitz curve (Section 3.3.1) or a pseudorandom
> curve (Section 3.3.2). Due to their limited adoption, elliptic curves over binary fields (i.e., all of
> the curves specified in Section 3.3) are deprecated and may be removed from a subsequent
> revision to these guidelines to facilitate interoperability and simplify elliptic curve standards and
> implementations. New implementations should select an appropriate elliptic curve over a prime
> field from Section 3.2.


Section 3.2 includes the Prime Curves in three different forms.

Russ


> On Sep 4, 2023, at 12:14 PM, Job Snijders <job=40fastly.com@dmarc.ietf.org> wrote:
> 
> On Mon, Sep 04, 2023 at 09:26:37AM -0400, Russ Housley wrote:
>> Job wrote:
>>> 
>>> Which RFC specifies the parameters to use with ECDSA in CMS?
>> 
>> I think you are looking for RFC 5753.
> 
> Thanks!
> 
> Am I correct to interpret RFC 5753 to mean that secp256r1 (aka X9.62
> prime256v1, aka NIST P-256) is recommended over secp256k1 for use in CMS?
> I see no mention of secp256k1 in RFC 5753.
> 
> For comparison I generated a secp256r1 variant of the same ASPA object,
> it clocks in as the second smallest:
> 
> RSA EE w/ RSA CA:              1701 bytes [1]
> secp256k1 w/ sha256 w/ RSA CA: 1463 bytes [3]
> secp256r1 w/ sha256 w/ RSA CA: 1284 bytes (attached)
> Ed25519 w/ sha512 w/ RSA CA:   1281 bytes [2]
> 
> The 179 byte difference between secp256k1 and secp256r1 is caused by the
> secp256k1 public key being encoded differently. The secp256k1 public key
> is encoded in 'explicit form', this means that in addition to the 64
> byte public key, also a large prime, A & B fields, an uncompressed
> Generator field, and an Order field are encoded.
> 
> Kind regards,
> 
> Job
> 
> [1]: https://console.rpki-client.org/chloe.sobornost.net/rpki/RIPE-nljobsnijders/5m80fwYws_3FiFD7JiQjAqZ1RYQ.asa.html
> [2]: https://mailarchive.ietf.org/arch/msg/sidrops/CG2BWxOa6Ly8F0huOULIBd4hGEc/
> [3]: https://mailarchive.ietf.org/arch/msg/sidrops/5IpqPtnJlhVr2BztFxuNnV6xNck/
> <prime256v1.asa>_______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops

v2.20.3 | Report a Bug | By Email