Re: [TLS] Call for WG adoption draft-josefsson-tls-curve25519

Rob Stradling, Fri, 29 May 2015 21:33 UTC

On 29/05/15 22:01, Simon Josefsson wrote:
> Yoav Nir writes:
>> Me too.
>> I notice that while the draft doesn’t say that explicitly, it uses
>> existing *_ECDHE_* ciphersuites, so that no new ciphersuites are
>> required, despite the fact that this ECDHE has different point formats
>> and different back-end math than the existing ECDHE.  I wonder if we
>> can also get away with using *ECDSA* ciphersuites for EdDSA
>> signatures.
> This is an interesting idea, thanks for mentioning that.  It would be ugly
> for "ECDSA" in a cipher suite name to not actually mean that ECDSA is
> used, but it is a valid engineering tradeoff to sometimes prefer ugly
> things that simplify over beautiful things that complicate.

The TLS 1.3 draft renames the Supported Elliptic Curves extension so 
that it can contain non-EC groups.  So renaming things in the IANA TLS 
registries doesn't seem to be prohibited, AFAICT.

Could we rename the TLS_ECDHE_ECDSA_* cipher suites so that they're not 
specific to ECDSA?  (TLS_ECDHE_EC_* perhaps?)

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
   3rd Floor, 26 Office Village, Exchange Quay,
   Trafford Road, Salford, Manchester M5 3EQ
