[TLS] Unwarrented change to point formats

Watson Ladd <watsonbladd@gmail.com> Sat, 26 July 2014 17:58 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 626881A00D7 for <tls@ietfa.amsl.com>; Sat, 26 Jul 2014 10:58:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id P7D1h9Iak1_u for <tls@ietfa.amsl.com>; Sat, 26 Jul 2014 10:58:10 -0700 (PDT)
Received: from mail-yk0-x22f.google.com (mail-yk0-x22f.google.com [IPv6:2607:f8b0:4002:c07::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C0EF1A00BE for <tls@ietf.org>; Sat, 26 Jul 2014 10:58:09 -0700 (PDT)
Received: by mail-yk0-f175.google.com with SMTP id q200so3636335ykb.20 for <tls@ietf.org>; Sat, 26 Jul 2014 10:58:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=ZK/giULQAqMkglhp45uZvxFOHe/uvKmqg8RLHV2G330=; b=Zm9uSwDUAw58aq2wYx0CoZ1ivkiQlVMz9dOUxOCEKMGy6v9O++qGpgESgI5hYGMRBI Kkd7AobRQOaGn+ESRZYLDKcDiM8gTau082ei3na4JIAKlwpwq4pE9Oli/edkM0gLSi7y ZZHghWDfaRVQDqDmk15g4uhXpkC8VSRnNDFutnplAXGwHXv2Ez/wPXpBgwj0sMoUl325 qfNeslwEPAfVExOFBjNMOVOp9DXbBOPMBctag1vEAQmpJ8r87qhgZhdbbnEp37iq3tyu oSQI5P3Ovqqh7SyFRcRKIpIoSApJzWFuuxsEB93bJ/w+2yuxAtYCQcabNAiXhv99jI2N JpDA==
MIME-Version: 1.0
X-Received: by with SMTP id o10mr34702735yhb.49.1406397489299; Sat, 26 Jul 2014 10:58:09 -0700 (PDT)
Received: by with HTTP; Sat, 26 Jul 2014 10:58:09 -0700 (PDT)
Date: Sat, 26 Jul 2014 10:58:09 -0700
Message-ID: <CACsn0cnf64Lj0om9hzvfZymo1KRG6FOiicfcDw3ysfGwaAby3g@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/BPPdj8PEYRh8XRxnmKCtPfIywIM
Subject: [TLS] Unwarrented change to point formats
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Jul 2014 17:58:14 -0000

Dear all,
Curve25519 was a draft. Curve25519 came back with good reviews from
the CFRG. End of story? No: the TLS WG leadership has decided to ask
for the choice of curves, on nebulous criteria, ignoring existing
drafts, on the basis that the curves must be applicable "IETF wide".

I don't see the reason for this, especially given that OpenSSH has
implemented and deployed Curve25519 and Ed25519, complete with
Montgomery form on the wire.  Arguing that we need twisted Edwards
point formats everywhere for consistency with existing libraries
ignores what has already been deployed and widely adopted.

Watson Ladd