Re: [TLS] sect571r1
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Thu, 16 July 2015 13:19 UTC
Return-Path: <prvs=4639a037fa=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07FB91B3AF5 for <tls@ietfa.amsl.com>; Thu, 16 Jul 2015 06:19:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.209
X-Spam-Level:
X-Spam-Status: No, score=-4.209 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4U1llrVKGv8Q for <tls@ietfa.amsl.com>; Thu, 16 Jul 2015 06:19:02 -0700 (PDT)
Received: from mx1.ll.mit.edu (MX1.LL.MIT.EDU [129.55.12.45]) by ietfa.amsl.com (Postfix) with ESMTP id 4D5B61B3AEB for <tls@ietf.org>; Thu, 16 Jul 2015 06:19:02 -0700 (PDT)
Received: from LLE2K10-HUB02.mitll.ad.local (LLE2K10-HUB02.mitll.ad.local) by mx1.ll.mit.edu (unknown) with ESMTP id t6GDJ1YH010935 for <tls@ietf.org>; Thu, 16 Jul 2015 09:19:01 -0400
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Viktor Dukhovni <tls@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] sect571r1
Thread-Index: AdC/yfrJMp+RfY8ndkeaEOui9clAdw==
Date: Thu, 16 Jul 2015 13:19:01 +0000
Message-ID: <20150716131909.17764416.60828.9646@ll.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="===============1154061635=="
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.14.151, 1.0.33, 0.0.0000 definitions=2015-07-16_03:2015-07-16,2015-07-16,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1506180000 definitions=main-1507160204
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/-0dbBCf37bmLNnqHkJVBS4ZLs8g>
Subject: Re: [TLS] sect571r1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jul 2015 13:19:04 -0000
Damn the spell-checkers. I CONCUR. :-) Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. Original Message From: Blumenthal, Uri - 0553 - MITLL Sent: Thursday, July 16, 2015 09:18 To: Viktor Dukhovni; tls@ietf.org Subject: Re: [TLS] sect571r1 I concurrent. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. Original Message From: Viktor Dukhovni Sent: Thursday, July 16, 2015 00:08 To: tls@ietf.org Reply To: tls@ietf.org Subject: Re: [TLS] sect571r1 On Wed, Jul 15, 2015 at 11:52:13PM -0400, Jeffrey Walton wrote: > > An auditor who believes that we can rigourously quantify the security > > of these curves precisely enough to say which is stronger or more > > closely "matches" AES-256, should be laughed out of the room and fired. > > Maybe so, but it is what it is. The IETF is probably not going to be > able to change it. Well, the auditor can't ask for curves with TLS that the specification deprecates. So removing oddball choices will help users fend off clueless checklist-wielding auditors. A modest amount of diversity is fine, but I would posit that anything beyond a (conservative, performant, backup) triple is counterproductive. Between the anticipated CFRG curves and the NIST prime curves, I think we already have a couple too many. The way I see it: conservative = Goldilocks performant = 25519 backup = P-256, P-384, P-521 (legacy triple) All the above should ultimately be MTI, with each peer prioritizing either "conservantive" or "performant", and legacy peers do the same with "P-256" or "P-384" (with P-521 as backup for both camps). If there are signs that all these are about to fail, and we still somehow are left with some curves we're willing to trust, we can change the mix then. -- Viktor. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- Re: [TLS] sect571r1 Tony Arcieri
- [TLS] sect571r1 Dave Garrett
- Re: [TLS] sect571r1 Benjamin Beurdouche
- Re: [TLS] sect571r1 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] sect571r1 Yoav Nir
- Re: [TLS] sect571r1 Eric Rescorla
- Re: [TLS] sect571r1 Viktor Dukhovni
- Re: [TLS] sect571r1 Deirdre Connolly
- Re: [TLS] sect571r1 Adam Langley
- Re: [TLS] sect571r1 Tanja Lange
- Re: [TLS] sect571r1 Dave Garrett
- Re: [TLS] sect571r1 Dave Garrett
- Re: [TLS] sect571r1 Dan Brown
- Re: [TLS] sect571r1 Tony Arcieri
- Re: [TLS] sect571r1 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] sect571r1 Dave Garrett
- Re: [TLS] sect571r1 Rob Stradling
- Re: [TLS] sect571r1 Rob Stradling
- Re: [TLS] sect571r1 Martin Thomson
- Re: [TLS] sect571r1 Brian Smith
- Re: [TLS] sect571r1 Tony Arcieri
- Re: [TLS] sect571r1 Eric Rescorla
- Re: [TLS] sect571r1 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] sect571r1 Martin Rex
- Re: [TLS] sect571r1 Tony Arcieri
- [TLS] (selection criteria for crypto primitives) … Rene Struik
- Re: [TLS] (selection criteria for crypto primitiv… Tony Arcieri
- Re: [TLS] sect571r1 Dan Brown
- Re: [TLS] (selection criteria for crypto primitiv… Jeffrey Walton
- Re: [TLS] (selection criteria for crypto primitiv… Tony Arcieri
- Re: [TLS] sect571r1 Dave Garrett
- Re: [TLS] sect571r1 Dave Garrett
- Re: [TLS] sect571r1 Jeffrey Walton
- Re: [TLS] sect571r1 Tony Arcieri
- Re: [TLS] sect571r1 Viktor Dukhovni
- Re: [TLS] sect571r1 Jeffrey Walton
- Re: [TLS] sect571r1 Jeffrey Walton
- Re: [TLS] sect571r1 Viktor Dukhovni
- Re: [TLS] (selection criteria for crypto primitiv… Dave Garrett
- Re: [TLS] sect571r1 Yoav Nir
- Re: [TLS] sect571r1 Salz, Rich
- Re: [TLS] (selection criteria for crypto primitiv… Viktor Dukhovni
- Re: [TLS] sect571r1 Tony Arcieri
- Re: [TLS] sect571r1 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] sect571r1 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] sect571r1 Hubert Kario
- Re: [TLS] (selection criteria for crypto primitiv… Johannes Merkle
- Re: [TLS] (selection criteria for crypto primitiv… Ilari Liusvaara
- Re: [TLS] (selection criteria for crypto primitiv… Dave Garrett
- Re: [TLS] (selection criteria for crypto primitiv… Ilari Liusvaara
- Re: [TLS] (selection criteria for crypto primitiv… Eric Rescorla
- Re: [TLS] sect571r1 Sean Turner