Re: [TLS] On Curve25519 and other possibilities (e.g. ietf256p, ietf384p, ietf521p,

"Salz, Rich" <rsalz@akamai.com> Sat, 28 June 2014 22:24 UTC

> If DJB et al is willing to transfer change control/copyright/patent rights/moral
> rights to the IETF (via appropriate documentation), and the IETF is willing to
> publish an actual standard then this objection goes away.

Okay, I think we can knock this one off the list.  Sean Turner is writing an RFC and Tanja (and I) will be helping. Dan gives his approval but didn't have time to help.

I agree that the IETF is a small group, especially compared to ANSI X9.62 and such.  But that doesn't mean we can't, or shouldn't, get back into crypto standardization.  We have way more involvement from real cryptographers than before.

> *sigh* If the IETF is really going to get into the business of standardizing
> crypto, we need to get the process for doing so right the first time rather
> than just plugging it in to TLS and hoping we don't have to redo it over and
> over again.

Agree.  But again, it's "back into the business," because we did it before with TLS1, IPsec, and ECC curves therein.

	/r$

--  
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rsalz@jabber.me; Twitter: RichSalz