Re: [TLS] Safe ECC usage

Michael StJohns <> Fri, 18 October 2013 16:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3663D11E831B for <>; Fri, 18 Oct 2013 09:35:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, SARE_BAYES_5x8=0.8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id pG8qU-7twKxg for <>; Fri, 18 Oct 2013 09:35:50 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id CD08121F89A5 for <>; Fri, 18 Oct 2013 09:35:49 -0700 (PDT)
Received: by with SMTP id l13so2821733qcy.18 for <>; Fri, 18 Oct 2013 09:35:48 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=BQ5H+KhAzMo+s2jSHHwObPIij67t/8seJjXcKYcvG64=; b=hfUF0O4oLy/CHNVrfNfps7s7pCRVeVzJrthE1WgtzlykgQxebaqN5KPJ83kDfG2U6Z w7ROfl6ESSXQZV6kOYaWU2WH2c6KUv0a00G81E/FAPYoAG666hdDzj/De+UVmBscuXjv ubbKganlj+glp5f90pQaOZP1Y6G11flICUfnTMDBfrj6k+b8Gq+ov8OJSrRELnPR4hCS EhnvFqx2whS2/lfqM0wxObtZ+QcjP7YG9gqOhuUcXayYrSbktWnZtuvBH4lyeLiW9zFU j6kGtOxiLDF16nD4M+uQOFySrHSNtk5EhUL4Qm4vkdRJezFalcQbstuYH4fvt9ZCi4rV nSjw==
X-Gm-Message-State: ALoCoQkimbx48YM0wR5BtJTU91oZPJjFIldXH3IbidDpz0D67DNWMZglOm3wPgN8oNjdx/3ZQ+CT
X-Received: by with SMTP id b20mr5088522qen.83.1382114148409; Fri, 18 Oct 2013 09:35:48 -0700 (PDT)
Received: from [] ( []) by with ESMTPSA id x1sm7005134qai.6.2013. for <> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 18 Oct 2013 09:35:47 -0700 (PDT)
Message-ID: <>
Date: Fri, 18 Oct 2013 12:35:49 -0400
From: Michael StJohns <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] Safe ECC usage
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 18 Oct 2013 16:35:55 -0000

I've been watching the curve conspiracy discussion stuff for a bit. I 
don't actually know what the reality is.  So I decided to try and find 
the earliest mention of one of the seeds.  I half expected I was going 
to find the seed string had been pulled from the random number tables in 
the CRC handbook.

I googled for "C49D3608 86E70493 6A6678E1 139D26B7 819F7E90" - the seed 
for P256 and found:

This document has the seed for P256 and P192 (which also matches) but 
not P384 or P521. Only sample curves up to 256 bits were provided.

The existence of this document, created in 1997 would tend to suggest 
that at least a few curves were created in X9 and not by NIST given the 
document precedes the FIPS 186-2 publication by a couple of years.  Of 
course, X9 could have just gotten the curves from NIST as a submission - 
but why weren't P384 and P521 provided at that point?

  I don't have access to the X9 archives - maybe someone out there has a 
set of X9 correspondence around 1997 or so that we could take a look 
at?  I would expect the curves to be some form of specific contribution.