Re: [TLS] (selection criteria for crypto primitives) Re: sect571r1

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Thu, 16 July 2015 13:08 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Tony Arcieri <bascule@gmail.com>, Rene Struik <rstruik.ext@gmail.com>
Date: Thu, 16 Jul 2015 13:08:14 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/PmRuuh0rkKZiaISrPD-Oxnk3nLs>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] (selection criteria for crypto primitives) Re: sect571r1

I think you convinced me. And to think of it, I never did like binary curves. :-)

No binary curves for the future. :-)

Tnx!

From: Tony Arcieri
Sent: Wednesday, July 15, 2015 22:32
To: Rene Struik
Cc: <tls@ietf.org>
Subject: Re: [TLS] (selection criteria for crypto primitives) Re: sect571r1

To respond more specifically to your concerns:

On Wed, Jul 15, 2015 at 6:42 PM, Rene Struik <rstruik.ext@gmail.com> wrote:
> It seems prudent to keep some diversity of the gene pool and not only have curves defined over prime curves. Similarly, one should perhaps have some diversity of gene pool criteria within the set of recommended curves and not only include special primes. Should some problem with a particular subclass show up over time, one then at least has other classes available.

Binary curves in particular are showing warning signs of potential future security issues:

https://eprint.iacr.org/2015/310.pdf

I think even if we don't completely pare down the TLS curve portfolio to the list I suggested, if nothing else I would like to see binary curves removed.

-- 
Tony Arcieri