Re: [TLS] WG: New Version Notification for draft-bruckert-brainpool-for-tls13-00.txt

Eric Rescorla <ekr@rtfm.com> Sun, 02 September 2018 19:11 UTC

In-Reply-To: <DE8E4C1F24911E469CC24DD4819274AA2C1D4534@mail-essen-01.secunet.de>
References: <153569768626.3253.16680905114240291331.idtracker@ietfa.amsl.com> <DE8E4C1F24911E469CC24DD4819274AA2C1D4534@mail-essen-01.secunet.de>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 02 Sep 2018 12:10:35 -0700
Message-ID: <CABcZeBOsoE4dv1EH0e2X5OrfjhoheSnx1oEdRrPgUZiDAx4XeA@mail.gmail.com>
To: "Bruckert, Leonie" <Leonie.Bruckert@secunet.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/P_tVAQ95IJYOaCloRQkdfGNj6BE>
Subject: Re: [TLS] WG: New Version Notification for draft-bruckert-brainpool-for-tls13-00.txt
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>

Rich version of this review at:
https://mozphab-ietf.devsvcdev.mozaws.net/D12108

Leonie,

Can you say more about your intended outcome here? You don't need to
have an RFC in order to register these code points.

Are you hoping for WG acceptance, or are you just planning to register
on the basis of the I-D?

-Ekr


COMMENTS
S 1.
>      Brainpool Curves in earlier TLS versions.
>
>      The negotiation of ECC Brainpool Curves for key exchange according to
>      [RFC8446] requires the definition and assignment of additional
>      NamedGroup IDs.  This document specifies such values for three curves
>      from [RFC5639].

I think you want to state that this works for TLS 1.2 as well.


S 2.
>                   brainpoolP384r1(TBD2),
>                   brainpoolP512r1(TBD3)
>              } NamedGroup;
>
>      The encoding of ECDHE parameters as defined in section 4.2.8.2 of
>      [RFC8446] also applies to this document.

Which encoding? The structured encoding used for NIST curves or the
blob one used for the CFRG curves?


S 3.
>
>              enum {
>                   ecdsa_brainpoolP256r1_sha256(TBD4),
>                   ecdsa_brainpoolP384r1_sha384(TBD5),
>                   ecdsa_brainpoolP512r1_sha512(TBD6)
>              } SignatureScheme;

Just for completeness, you should state what these mean.


S 5.
>      y*Z^3) with the coefficient Z specified for that curve in [RFC5639],
>      in order to take advantage of an efficient arithmetic based on the
>      twisted curve's special parameters (A = -3): although the twisted
>      curve itself offers the same level of security as the corresponding
>      random curve (through mathematical equivalence), an arithmetic based
>      on small curve parameters may be harder to protect against side-

"an arithmetic" isn't really idiomatic English.


S 6.2.
>         y_Z: the y-coordinate of the shared secret that results from
>         completion of the Diffie-Hellman computation
>
>      The field elements x_qA, y_qA, x_qB, y_qB, x_Z, y_Z are represented
>      as hexadecimal values using the FieldElement-to-OctetString
>      conversion method specified in [SEC1].

Do you want to give test vectors for the key share?


On Sun, Sep 2, 2018 at 6:30 AM, Bruckert, Leonie <
Leonie.Bruckert@secunet.com> wrote:

> We submitted an Internet Draft defining the usage of the Brainpool Curves
> for TLS 1.3.
>
> We appreciate your comments.
>
> Leonie
>
> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: Friday, 31 August 2018 08:41
> To: Merkle, Johannes; Manfred Lochter; Bruckert, Leonie
> Subject: New Version Notification for draft-bruckert-brainpool-for-tls13-00.txt
>
> A new version of I-D, draft-bruckert-brainpool-for-tls13-00.txt
> has been successfully submitted by Leonie Bruckert and posted to the
> IETF repository.
>
> Name:           draft-bruckert-brainpool-for-tls13
> Revision:       00
> Title:          ECC Brainpool Curves for Transport Layer Security (TLS) Version 1.3
> Document date:  2018-08-30
> Group:          Individual Submission
> Pages:          10
> URL:            https://www.ietf.org/internet-drafts/draft-bruckert-brainpool-for-tls13-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-bruckert-brainpool-for-tls13/
> Htmlized:       https://tools.ietf.org/html/draft-bruckert-brainpool-for-tls13-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-bruckert-brainpool-for-tls13
>
> Abstract:
>    This document specifies the use of several ECC Brainpool curves for
>    authentication and key exchange in the Transport Layer Security (TLS)
>    protocol version 1.3.
>
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
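Editor's added example (not code from the draft, from Eric Rescorla, or from anyone else in this thread), illustrating the point behind the S 2 comment on which RFC 8446 section 4.2.8.2 encoding applies, and the S 6.2 comment on representing field elements: a receiver parses a TLS 1.3 KeyShareEntry and validates key_exchange differently depending on whether the group uses the structured 0x04 || X || Y point encoding (secp-style, which is what an on-curve check needs) or the raw fixed-length blob used for X25519/X448. Assumptions are labelled in the code: the draft's Brainpool code points are still TBD, so BRAINPOOL_P256R1_TBD1 is a placeholder taken from the private-use range RFC 8446 reserves (0xFE00..0xFEFF); the curve constants are brainpoolP256r1 as published in RFC 5639; the X25519 code point 0x001D is from RFC 8446; the private scalar used to build a sample share is a constructed test value.

```python
# Added example, not code from the draft or from anyone in this thread.
# Parses a TLS 1.3 KeyShareEntry and validates key_exchange per group,
# distinguishing the structured (0x04||X||Y) and blob (raw u) encodings.
#
# Assumptions: BRAINPOOL_P256R1_TBD1 is a private-use placeholder for the
# draft's TBD1 (RFC 8446 reserves 0xFE00..0xFEFF); curve constants are
# brainpoolP256r1 from RFC 5639; X25519 = 0x001D is from RFC 8446.
import struct

# brainpoolP256r1 (RFC 5639): y^2 = x^3 + A*x + B over GF(P), base point (GX, GY)
P = 0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377
A = 0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9
B = 0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6
GX = 0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262
GY = 0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997
COORD_LEN = (P.bit_length() + 7) // 8   # 32 octets per field element

X25519 = 0x001D                   # RFC 8446 NamedGroup code point
BRAINPOOL_P256R1_TBD1 = 0xFE01    # placeholder for the draft's TBD1 (assumption)

# key_exchange layout per group, following RFC 8446 section 4.2.8.2:
#   "structured": UncompressedPointRepresentation 0x04 || X || Y (secp-style)
#   "blob":       raw fixed-length u-coordinate (X25519/X448-style)
GROUP_ENCODING = {
    X25519: ("blob", 32),
    BRAINPOOL_P256R1_TBD1: ("structured", COORD_LEN),
}

def field_to_octets(v: int) -> bytes:
    """SEC1 FieldElement-to-OctetString: fixed-width, big-endian."""
    return v.to_bytes(COORD_LEN, "big")

def on_curve(x: int, y: int) -> bool:
    """Affine point check; also rejects coordinates outside [0, P)."""
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0

def _add(p1, p2):
    """Affine group law; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mult(k: int, pt):
    """Double-and-add; good enough for a test vector, not constant time."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc

def encode_key_share_entry(group: int, key_exchange: bytes) -> bytes:
    """struct { NamedGroup group; opaque key_exchange<1..2^16-1>; } KeyShareEntry"""
    return struct.pack("!HH", group, len(key_exchange)) + key_exchange

def make_brainpool_key_share(priv: int) -> bytes:
    """Key share for priv*G in the structured 0x04 || X || Y encoding."""
    x, y = scalar_mult(priv, (GX, GY))
    return encode_key_share_entry(
        BRAINPOOL_P256R1_TBD1, b"\x04" + field_to_octets(x) + field_to_octets(y))

def parse_key_share_entry(data: bytes):
    """Split a KeyShareEntry into (group, key_exchange); strict on lengths."""
    if len(data) < 4:
        raise ValueError("truncated KeyShareEntry")
    group, length = struct.unpack("!HH", data[:4])
    if length == 0 or len(data) != 4 + length:
        raise ValueError("bad key_exchange length")
    return group, data[4:]

def validate_key_exchange(group: int, ke: bytes):
    """Structured groups: return (x, y) after an on-curve check.
    Blob groups: return ke after a length check only."""
    if group not in GROUP_ENCODING:
        raise ValueError("unknown NamedGroup 0x%04x" % group)
    kind, n = GROUP_ENCODING[group]
    if kind == "blob":
        if len(ke) != n:
            raise ValueError("blob key_exchange must be %d octets" % n)
        return ke
    if len(ke) != 1 + 2 * n or ke[0] != 0x04:
        raise ValueError("expected 0x04 || X || Y, %d octets" % (1 + 2 * n))
    x = int.from_bytes(ke[1:1 + n], "big")
    y = int.from_bytes(ke[1 + n:], "big")
    if not on_curve(x, y):   # RFC 8446 requires rejecting off-curve points
        raise ValueError("point is not on the curve")
    return x, y
```

The split in GROUP_ENCODING is the practical consequence of the S 2 question: a Brainpool share that arrives as a bare 32-octet blob cannot be validated against the curve equation, while an X25519 share handed to the structured parser fails on length and prefix. The blob branch checks length only; a real X25519 implementation additionally rejects an all-zero shared secret, which is out of scope here.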