Re: [TLS] sect571r1

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 16 July 2015 03:50 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2552F1B2FB8 for <tls@ietfa.amsl.com>; Wed, 15 Jul 2015 20:50:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lbslJO4zMZJB for <tls@ietfa.amsl.com>; Wed, 15 Jul 2015 20:50:19 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDB441B2C68 for <tls@ietf.org>; Wed, 15 Jul 2015 20:50:18 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id AE909284D2B; Thu, 16 Jul 2015 03:50:17 +0000 (UTC)
Date: Thu, 16 Jul 2015 03:50:17 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20150716035017.GX28047@mournblade.imrryr.org>
References: <201507151413.22408.davemgarrett@gmail.com> <CAFR824yu2QiZ=-kR4JxhbxgvSJhi33Jq9s6v4T9qedOzKfrrfg@mail.gmail.com> <CAMfhd9XBzxKDbomTXuMwjge8MPtcg97wyXdp=KRJxNn4j9tbCg@mail.gmail.com> <20150715211140.GU28047@mournblade.imrryr.org> <CAH8yC8mpPG05F9W=OJj8tJWmzHwsv++jFdNtUiAsUiAiBcy1NA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAH8yC8mpPG05F9W=OJj8tJWmzHwsv++jFdNtUiAsUiAiBcy1NA@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/RU8JuuQeel9GN6tQSPF4ui4F8gA>
Subject: Re: [TLS] sect571r1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jul 2015 03:50:20 -0000

On Wed, Jul 15, 2015 at 11:41:03PM -0400, Jeffrey Walton wrote:

> > Same here, I think in this case "less is more".  There is no
> > compelling reason for this curve, and needless diversity here is
> > counter-productive.
>
> It provides 256-bits of security. Its the only curve I am aware that
> can transport a AES-256 key while maintaining security levels.

It provides a conjectured security level around 256-bits, as does
secp521r1.

> (I've been through C&A's where matching security levels were examined).

An auditor who believes that we can rigourously quantify the security
of these curves precisely enough to say which is stronger or more
closely "matches" AES-256, should be laughed out of the room and fired.

-- 
	Viktor.