Re: [TLS] Curve25519 draft

Watson Ladd <watsonbladd@gmail.com> Mon, 05 May 2014 00:52 UTC

In-Reply-To: <CABcZeBNhUF1OqdzyZLXJN-0V358JMqJ1U9c2k9BmDmdFQjw_3A@mail.gmail.com>
References: <CACsn0cm3nMNeggvebudZorwy1eq=CFmzxr1RyPJ0ibiM7T7gEA@mail.gmail.com> <CABcZeBNhUF1OqdzyZLXJN-0V358JMqJ1U9c2k9BmDmdFQjw_3A@mail.gmail.com>
Date: Sun, 04 May 2014 17:52:05 -0700
Message-ID: <CACsn0ckdhsjp_fnQDhod1Fo5Berpsrk5Te8vEzXftTS5h5BCUg@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/3bhHVPDHiMc3HO5paYkE8qWNE7Q
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Curve25519 draft

On Sun, May 4, 2014 at 5:17 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> On Sun, May 4, 2014 at 4:44 PM, Watson Ladd <watsonbladd@gmail.com> wrote:
>>
>> Dear all,
>> My impression of the CFRG meeting result was that Curve25519 was fine,
>> and that drafts describing it were going to be written this summer. In
>> TLS we can proceed with this draft it looks like.
>>
>> Am I misremembering/misunderstanding?
>
>
> My understanding was a bit more modest, namely that the CFRG intended
> to produce a recommendation by IETF Toronto and that Curve25519 was
> probably the leading contender for that recommendation at the 128-bit
> security level, but that they weren't quite ready to commit. So people were
> to go off and do drafts with an aim to have an answer by YYZ. Though
> perhaps I am the one who misunderstood.

Is this the blocking task? In other words, if the CFRG were to tomorrow
say "Curve25519 can be used" would we be ready to proceed to LC? I
feel like the answer is "maybe".

>
> In either case, as a matter of process I would expect (or at least hope)
> that the CFRG will send us some sort of formal statement of their
> recommendation so that we have something specific to refer to for future.

Well, what's the timeline/scope on this? I got an impression that the
document to be produced was an algorithm description, not just a list
of curves. Furthermore, we've not discussed signatures (ECDSA has
issues with performance and batch verification, you need Ed25519, not
Curve25519 (well, for some variants of not)), so if we want one
document to address everything, that's going to be a few more
meetings, without really changing the impact for us.

Sincerely,
Watson Ladd
>
> -Ekr
>
>



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin