Re: [TLS] I-D Action: draft-ietf-tls-curve25519-01.txt
Hubert Kario <hkario@redhat.com> Mon, 20 July 2015 10:55 UTC
Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B88F31A1B83 for <tls@ietfa.amsl.com>; Mon, 20 Jul 2015 03:55:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YDegdED9TiG1 for <tls@ietfa.amsl.com>; Mon, 20 Jul 2015 03:55:46 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D24D1A1B78 for <tls@ietf.org>; Mon, 20 Jul 2015 03:55:46 -0700 (PDT)
Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (Postfix) with ESMTPS id BCEB2BC901; Mon, 20 Jul 2015 10:55:45 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (dhcp-0-167.brq.redhat.com [10.34.0.167]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t6KAthJg012303 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Mon, 20 Jul 2015 06:55:45 -0400
From: Hubert Kario <hkario@redhat.com>
To: Simon Josefsson <simon@josefsson.org>
Date: Mon, 20 Jul 2015 12:55:37 +0200
Message-ID: <4270669.Na8fLuOzTD@pintsize.usersys.redhat.com>
User-Agent: KMail/4.14.9 (Linux/4.0.6-200.fc21.x86_64; KDE/4.14.9; x86_64; ; )
In-Reply-To: <878uairce7.fsf@latte.josefsson.org>
References: <20150706114814.10143.87075.idtracker@ietfa.amsl.com> <17744104.AefDTyBEY2@pintsize.usersys.redhat.com> <878uairce7.fsf@latte.josefsson.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1773425.U4HHyec223"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/8AKCMT26KU0OMzESkIuYAEprLRY>
Cc: tls@ietf.org
Subject: Re: [TLS] I-D Action: draft-ietf-tls-curve25519-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jul 2015 10:55:47 -0000
On Tuesday 14 July 2015 17:23:44 Simon Josefsson wrote: > Hubert Kario <hkario@redhat.com> writes: > > On Sunday 12 July 2015 16:39:37 Simon Josefsson wrote: > >> Hubert Kario <hkario@redhat.com> writes: > >> > As is described in secion 5.1. of RFC 4492, and then reiterated in > >> > section 2.2. of this draft - the elliptic_curves (a.k.a. > >> > supported_groups) > >> > guides both the ECDH curves and curves understandable by peer for ECDSA > >> > signatures. > >> > > >> > As Curve25519 and Curve448 can only be used for ECDHE, maybe they > >> > should > >> > be > >> > > >> > defined/named in the registry as such, to remove any ambiguity[1]: > >> > enum { > >> > > >> > Curve25519_ecdh(TBD1), > >> > Curve448_ecdh(TBD2), > >> > > >> > } NamedCurve; > >> > >> I don't care strongly. One disadvantage with this is that if we decide > >> to reuse these NamedCurve allocations to have something to do with > >> Ed25519, the naming above will be confusing. However, I believe it is > >> already likely that Ed25519 will have its own NamedCurve. > > > > Given that there certainly will be implementations that support ecdh > > and not the signatures, we certainly *don't* want to reuse this > > codepoint for anything else. > > > > So unless the PKIX and TLS parts are defined at the same time, in the same > > document, we definitely need to keep them apart. > > It is conceivable to reuse the NamedCurve values for TLS authentication > without affecting the ECHDE use, nor delaying the Curve25519 ECDHE work. > > Compare how we "reuse" the ECDHE ciphersuite values to refer to > Curve25519 (instead of defining new ciphersuites for Curve25519), and > how we are "reusing" the "uncompressed" code point to refer to > Curve25519-compressed code points (instead of defining new > ECPointFormat). the point is, that if Ed25519 for signatures is defined, an implementation that doesn't understand it[1] can't advertise that fact 1 - be it because it wasn't updated yet, or because the programmers don't consider it important enough yet - that doesn't matter -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
- [TLS] I-D Action: draft-ietf-tls-curve25519-01.txt internet-drafts
- Re: [TLS] I-D Action: draft-ietf-tls-curve25519-0… Hubert Kario
- Re: [TLS] I-D Action: draft-ietf-tls-curve25519-0… Simon Josefsson
- Re: [TLS] I-D Action: draft-ietf-tls-curve25519-0… Hubert Kario
- Re: [TLS] I-D Action: draft-ietf-tls-curve25519-0… Simon Josefsson
- Re: [TLS] I-D Action: draft-ietf-tls-curve25519-0… Ilari Liusvaara
- Re: [TLS] I-D Action: draft-ietf-tls-curve25519-0… Hubert Kario
- Re: [TLS] I-D Action: draft-ietf-tls-curve25519-0… Ilari Liusvaara
- Re: [TLS] I-D Action: draft-ietf-tls-curve25519-0… Hubert Kario
- Re: [TLS] I-D Action: draft-ietf-tls-curve25519-0… Ilari Liusvaara