IETF Logo Mail Archive

Re: [TLS] Curve25519 in TLS and Additional Curves in TLS

Manuel Pégourié-Gonnard <mpg@polarssl.org> Thu, 03 April 2014 19:14 UTC

Return-Path: <mpg@polarssl.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52E3B1A02B2 for <tls@ietfa.amsl.com>; Thu, 3 Apr 2014 12:14:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.394
X-Spam-Level:
X-Spam-Status: No, score=0.394 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RsqIiqfHqMgy for <tls@ietfa.amsl.com>; Thu, 3 Apr 2014 12:14:15 -0700 (PDT)
Received: from vps2.brainspark.nl (vps2.brainspark.nl [141.138.204.106]) by ietfa.amsl.com (Postfix) with ESMTP id 3CC001A02B0 for <tls@ietf.org>; Thu, 3 Apr 2014 12:14:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=polarssl.org; s=exim; h=Subject:Content-Transfer-Encoding:Content-Type:In-Reply-To:References:CC:To:MIME-Version:From:Date:Message-ID; bh=5h1Ioru5bJFF76iRv+FoJorpqGL4U1S7sYrgnxH7hXU=; b=S1M400m4N1HQ16IPHv5mvsJS7mwQb5oTuwDGPSCVPHzKSVZjErp6ihXDvBUGFYwK50O2OzT24VjEPBzhf/TZAebcm9pEAT7KiVPywbIjyRV6sC3lhkDlX5+G7KmIyWu/j2pfJRg1198hNifV6lqP49V7qnXTIR1x7Hido7vxN7A=;
Received: from thue.elzevir.fr ([88.165.216.11] helo=[192.168.0.124]) by vps2.brainspark.nl with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <mpg@polarssl.org>) id 1WVn5A-0001tD-Ge; Thu, 03 Apr 2014 21:13:51 +0200
Message-ID: <533DB2F4.5090803@polarssl.org>
Date: Thu, 03 Apr 2014 21:13:56 +0200
From: Manuel Pégourié-Gonnard <mpg@polarssl.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Watson Ladd <watsonbladd@gmail.com>
References: <87ob3456s1.fsf@latte.josefsson.org> <20140402164340.GA14790@roeckx.be> <533C554A.7080607@akr.io> <533CF9C5.7030107@brainhub.org> <533D2207.807@polarssl.org> <CACsn0cmevdjDv0TgS3mczcxpeSz=1cbc3Wp_d--VeXqvPgitww@mail.gmail.com>
In-Reply-To: <CACsn0cmevdjDv0TgS3mczcxpeSz=1cbc3Wp_d--VeXqvPgitww@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-SA-Exim-Connect-IP: 88.165.216.11
X-SA-Exim-Mail-From: mpg@polarssl.org
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000)
X-SA-Exim-Scanned: Yes (on vps2.brainspark.nl)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/RqLKSwujXk1vwwf5TzDXUVSdnA8
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Curve25519 in TLS and Additional Curves in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Apr 2014 19:14:19 -0000

On 03/04/2014 18:52, Watson Ladd wrote:
> On Thu, Apr 3, 2014 at 1:55 AM, Manuel Pégourié-Gonnard
> <mpg@polarssl.org> wrote:
>> In the next iteration of the draft, it might change to
>>
>> 33 tt xx xx .. xx
>>
>> Where tt would be an "encoding type" which would allow for future extensions
>> like transmitting y too, or a bit of y, or (parts of) other representation (eg
>> Edwards coordinates).
> 
> I don't think this is a good idea. At the time when one side sees the
> point it is too late to negotiate. So points with different encodings
> should be indicated as different in the Client Hello message to enable
> negotiation of which one to send.

That's the intention, yes (indicating supported point formats in the existing
ClientHello and ServerHello extensions).

> Furthermore, I don't see benefit to
> the potential extensions yet for pure DH.
> 
Just because we can't see a benefit for extensions now doesn't mean we shouldn't
leave the door open for later ideas.

> Also, do we really need a length prefix on a string that is always 32
> bytes long? I get that the TLS encoding provides that, but length
> prefix formats are a can of worms: what should happen when 33 0 or 32
> 32 xx .. are encountered?
> 
Well, what's already hapenning: implementations check for consistency. This is
no different than with the current short Weierstrass curves.

Manuel.

v2.23.0 | Report a Bug | By Email