Re: [TLS] Ed25519 for PKIX

Adam Langley <agl@google.com> Tue, 24 September 2013 15:34 UTC

Return-Path: <agl@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EE4421F99FB for <tls@ietfa.amsl.com>; Tue, 24 Sep 2013 08:34:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.806
X-Spam-Level:
X-Spam-Status: No, score=-1.806 tagged_above=-999 required=5 tests=[AWL=0.172, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yw18H+HiBzi6 for <tls@ietfa.amsl.com>; Tue, 24 Sep 2013 08:34:33 -0700 (PDT)
Received: from mail-oa0-x230.google.com (mail-oa0-x230.google.com [IPv6:2607:f8b0:4003:c02::230]) by ietfa.amsl.com (Postfix) with ESMTP id 9A20121F9A37 for <tls@ietf.org>; Tue, 24 Sep 2013 08:34:33 -0700 (PDT)
Received: by mail-oa0-f48.google.com with SMTP id m6so2312329oag.21 for <tls@ietf.org>; Tue, 24 Sep 2013 08:34:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=mIuWvLsUkCYPk2mmxj7McuFqCVNhh2u6nFwAYGEjWoQ=; b=gMfxzN8SYVGJhEk1D2MApRxf/A4ddvWMtxkd1+RZKZdzxQUegF+L3IcWGk82qAQdI4 E6dQOQ7ZTPbhojMmh8ytKDeBLmYNViDWQ8l3224wl6FQ76KuOXuAgRpJWzR5oTtgp6c0 cG7Un9lMg/xcKHIJ6zWreLDS0Xq/lRcXdG6SjLmAMrWIr4Ne6SzIYxkd+x9GrTHZivoi S0qhBsZc02ECp233zhcuFHz+TwijPy3dP1zM8lb3Y9wP9Q/tIrEdOrNbg/mB/kigYxhQ SjLykXB5mWSlD4B30ss8n8b7xl2KHoaj+4bKG/XmG6JoSuOb2BLJ2NrdjfBd81EcCo8u atRg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=mIuWvLsUkCYPk2mmxj7McuFqCVNhh2u6nFwAYGEjWoQ=; b=K+TqFH0tbVObnllDIIfQqraASzD9tDRO02xyj415Y6H0AtgtjJNiRD1dlqr3+R8cs6 S+RA+lq550oMWc4LGMk0ciWA24tFzTOhkHOPGMp9m4+Cc6KqzrGEmOydf3NI8fF+CwbS koak6V5wyHPhQsVws98ShP+uzXnFRMjOfDJ5H8LoLUoNuqoG1CBz5HarfcoDdRz60crt MmlWI+cMd+62pApQI8UsWgUKDeNrfst8ZRFK0lrGKAxRw+9zpwc1vmS+waHp/zivnS+g 31rQIzMjMTwkze0ElsJZGEk1Xs6d16HoavFgtZu764BGMieppYgwFk8fRABbGgRsaflL IBWw==
X-Gm-Message-State: ALoCoQm9YHMbp0c9c06umPuelY3Qmlx5/zqq9V3ARyrocf6upVeFkbvt6xHT+n4TI96q5OU6rOpXLdabvmS/X1VTYjDPTieWglzIL1XecWPA5mGf2tAZerSMvrGwcx9VH66Jz1/ApGoKnft9Wgjz5KZqJ+j9fOyMkJ25HBWUhnkWTg4BRWSiHrixBYk5c/Mn+4UH/a8Ncgai
X-Received: by 10.60.45.102 with SMTP id l6mr8190821oem.36.1380036873010; Tue, 24 Sep 2013 08:34:33 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.79.105 with HTTP; Tue, 24 Sep 2013 08:34:12 -0700 (PDT)
In-Reply-To: <877ge6tf1w.fsf_-_@latte.josefsson.org>
References: <a84d7bc61003011620i66fc7dfdre62b548fdd5ef7dd@mail.gmail.com> <522D25B9.7010506@funwithsoftware.org> <56C25B1D-C80F-495A-806C-5DD268731CD4@qut.edu.au> <87zjrl21wp.fsf_-_@latte.josefsson.org> <522ED9A7.7080802@comodo.com> <877ge6tf1w.fsf_-_@latte.josefsson.org>
From: Adam Langley <agl@google.com>
Date: Tue, 24 Sep 2013 11:34:12 -0400
Message-ID: <CAL9PXLz_Pw=V6C6nzSZCBgh-zBXdMo780enPqcEnkBWAY730aw@mail.gmail.com>
To: Simon Josefsson <simon@josefsson.org>
Content-Type: text/plain; charset=UTF-8
Cc: Patrick Pelletier <code@funwithsoftware.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Ed25519 for PKIX
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2013 15:34:34 -0000

On Tue, Sep 24, 2013 at 11:28 AM, Simon Josefsson <simon@josefsson.org> wrote:
> Curve25519 is not directly usable with ECDSA, I believe, so OIDs aren't
> sufficient.  Ed25519 is more relevant, however it uses the EdDSA
> signature system instead of ECDSA so possibly more of RFC 5480 has to be
> duplicated/modified in order for Ed25519 to work.

Curve25519 and Ed25519 are the same curve - Ed25519 just uses the
twisted Edward's isomorphism of curve25519 to make some calculations
simpler and then builds a Schnorr-like signature scheme with it.
(Curve25519 implementations typically use a Montgomery ladder which
isn't suitable for some of the operations that the signature scheme
needs.)

(Indeed, one can use the Ed25519 code to perform fixed-base,
curve25519 operations faster than the curve25519 code.)


Cheers

AGL