Re: [TLS] Early code point assignments for 25519/448 curves
Martin Thomson <martin.thomson@gmail.com> Mon, 23 November 2015 21:16 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DC661B344A for <tls@ietfa.amsl.com>; Mon, 23 Nov 2015 13:16:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FHzD63y4eOxx for <tls@ietfa.amsl.com>; Mon, 23 Nov 2015 13:16:35 -0800 (PST)
Received: from mail-ig0-x22a.google.com (mail-ig0-x22a.google.com [IPv6:2607:f8b0:4001:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B44D91B3452 for <tls@ietf.org>; Mon, 23 Nov 2015 13:16:35 -0800 (PST)
Received: by igvg19 with SMTP id g19so82563690igv.1 for <tls@ietf.org>; Mon, 23 Nov 2015 13:16:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=Kju35cNb97MxHZeuKkqNnwZDKpU+ivDgXpFCRQ/tq58=; b=swgsnOicXA2lAEqHVQfMnBKB58gjxWbskvirW6/xDFSnGGIAvM9VuhKN7Na3dDuuGG WietvEhd5pq53esjQ7Eru87f75MXttrp/l0YbJtol2AYwJQkmquVZbAKxxMI8y8Ey1VV Ka171qRb6tlhM/0NkKnOuW3T+xHfQzKUdguCVgJbAVQV0i+oRY6OY3MUO3Z8ENhw4bIb IfbkGsB+uFcnHOujC/cnpjS/AponQ28ZlDkI0Yje9p0LTidXN5/HwtxO7JkdwRYbbLHQ sw0v2XjcCkuCpYhlLFV0Ykx/dAUC9lyLjCVWy7aSVXdw6uihsVfgydkvakGYoEP6TFMZ NnsA==
MIME-Version: 1.0
X-Received: by 10.50.143.10 with SMTP id sa10mr14797303igb.77.1448313395111; Mon, 23 Nov 2015 13:16:35 -0800 (PST)
Received: by 10.36.155.139 with HTTP; Mon, 23 Nov 2015 13:16:35 -0800 (PST)
In-Reply-To: <45D7CFCA-1ABE-4123-9E27-4DB5B8B6D9DA@gmail.com>
References: <385E6AFF-52C3-4E40-A69F-178602A449A7@sn3rd.com> <45D7CFCA-1ABE-4123-9E27-4DB5B8B6D9DA@gmail.com>
Date: Mon, 23 Nov 2015 13:16:35 -0800
Message-ID: <CABkgnnX15PcEByT2-Q9eS2d5o1C_WfQ2VUJ30iGN_N1BX1WuXQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/JexVqaOPbRdCPvlBrGDdq2K13t8>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Early code point assignments for 25519/448 curves
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Nov 2015 21:16:40 -0000
On 23 November 2015 at 12:56, Yoav Nir <ynir.ietf@gmail.com> wrote: > It’s been suggested that as long as the CFRG signature curves document is not finalized, we should wait with the eddsa_* ones. I don’t believe so. Anything in any draft is subject to change up to the time it’s published [...] In your opinion, do you see the semantics of the codepoints changing in any meaningful way? It's one thing to say "accept the risks", but if anyone thinks that there are necessary changes forthcoming, that would give me pause. If everyone says that it's highly unlikely, I'm supportive of the notion that we get a codepoint. Are we happy that we will only be needing the PureEdDSA variants and that no-one will be asking for the HashEdDSA versions? I ask because I've heard it suggested (I think Karthik mentioned this) that we might want to sign the transcript directly in TLS 1.3 rather than rely on collision-resistance of the selected hash function. That would be harder without access to HashEdDSA.
- [TLS] Early code point assignments for 25519/448 … Sean Turner
- Re: [TLS] Early code point assignments for 25519/… Andrei Popov
- Re: [TLS] Early code point assignments for 25519/… Martin Thomson
- Re: [TLS] Early code point assignments for 25519/… Dave Kern
- Re: [TLS] Early code point assignments for 25519/… Yoav Nir
- Re: [TLS] Early code point assignments for 25519/… Stephen Farrell
- Re: [TLS] Early code point assignments for 25519/… Eric Rescorla
- Re: [TLS] Early code point assignments for 25519/… Ilari Liusvaara
- Re: [TLS] Early code point assignments for 25519/… Martin Thomson
- Re: [TLS] Early code point assignments for 25519/… Bill Frantz
- Re: [TLS] Early code point assignments for 25519/… Ilari Liusvaara
- Re: [TLS] Early code point assignments for 25519/… Ilari Liusvaara
- Re: [TLS] Early code point assignments for 25519/… Yoav Nir
- Re: [TLS] Early code point assignments for 25519/… Sean Turner