Re: [TLS] Curve25519 in TLS

Nico Williams <nico@cryptonector.com> Thu, 12 September 2013 21:12 UTC

To: Rob Stradling <rob.stradling@comodo.com>
Cc: Simon Josefsson <simon@josefsson.org>, Patrick Pelletier <code@funwithsoftware.org>, "tls@ietf.org" <tls@ietf.org>

On Thu, Sep 12, 2013 at 3:57 PM, Rob Stradling <rob.stradling@comodo.com> wrote:
> On 12/09/13 21:41, Simon Josefsson wrote:
>>> So why bother making curve25519 available for key exchange?
>>
>> For performance reasons?  It is more efficient.
>
> So then...
>
> ...it sounds like it does make sense, for performance reasons, to allow
> Curve25519 (or Ed25519, presumably) to be used for keys in certs too.

Yes.

Of course, in practice it's much easier to deploy new ECDH curves for
key agreement than new signature algorithms because the former are
easily negotiated in actual protocols, while the latter are less so.
But, yes.

Nico
--