[TLS] Additional Elliptic Curves (Curve25519 etc) for TLS ECDH key agreement
Simon Josefsson <simon@josefsson.org> Sat, 11 January 2014 16:33 UTC
Return-Path: <simon@josefsson.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A4E71AE046 for <tls@ietfa.amsl.com>; Sat, 11 Jan 2014 08:33:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AvCLJdzgXhmo for <tls@ietfa.amsl.com>; Sat, 11 Jan 2014 08:33:07 -0800 (PST)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) by ietfa.amsl.com (Postfix) with ESMTP id 49D111AE044 for <tls@ietf.org>; Sat, 11 Jan 2014 08:33:06 -0800 (PST)
Received: from latte.josefsson.org (static-213-115-179-130.sme.bredbandsbolaget.se [213.115.179.130]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id s0BGWrE3012138 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for <tls@ietf.org>; Sat, 11 Jan 2014 17:32:55 +0100
X-Hashcash: 1:22:140111:tls@ietf.org::VGEWgrE9aktwknTi:Atof
From: Simon Josefsson <simon@josefsson.org>
To: tls@ietf.org
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
Date: Sat, 11 Jan 2014 17:32:53 +0100
Message-ID: <87eh4e7a2y.fsf@latte.josefsson.org>
User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: clamav-milter 0.97.8 at duva.sjd.se
X-Virus-Status: Clean
Subject: [TLS] Additional Elliptic Curves (Curve25519 etc) for TLS ECDH key agreement
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Jan 2014 16:33:09 -0000
Dear WG, I may have missed to announce this document before, since some people appear to have missed it. This email is an attempt to introduce the draft to the TLS WG properly. This draft started out as specifying Curve25519 ECDHE key agreement for TLS, back on September. Manuel Pegourie-Gonnard jumped in as co-author and has added details on public/private key representation, shared secret computation, and test vectors, for the -02 draft. In the latest -03 version of the draft, I have changed the document to specify EC Named Curve code points for all "additional elliptic curves" (i.e., Curve25519, E382, M383, Curve3617, M511, E521). Some of the Curve25519-related text may no longer be applicable to all curves, but hopefully that can be fixed later on. The latest draft is here: http://tools.ietf.org/html/draft-josefsson-tls-curve25519-03 The additional curves come from the following CFRG draft, and my current thinking is that our draft (for TLS) would stay in sync with the list of curves in the CFRG document. http://tools.ietf.org/html/draft-ladd-safecurves-02 We'd appreciate general feedback on the draft, especially if there is any interest in adopting this document, and particular feedback on the following points: 1) Do we need all these curves defined for TLS? What is the selection critera for including/exluding some of the curves? Is that a TLS process, or an CFRG process? 2) Does description of private/public key representation and computation of shared secret belong in draft-josefsson-tls-curve25519? It has to be somewhere, I believ, but possibly this could go into draft-ladd-safecurves, or some other generic document, unless there are TLS-specific aspects. Insight into this would be appreciated. Cheers, /Simon
- [TLS] Additional Elliptic Curves (Curve25519 etc)… Simon Josefsson
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Dr Stephen Henson
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Watson Ladd
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Dr Stephen Henson
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Robert Ransom
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Alyssa Rowan
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Dr Stephen Henson
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Robert Ransom
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Alyssa Rowan
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Adam Langley
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Kurt Roeckx
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Adam Langley
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Matt Caswell
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Stephen Farrell
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Eric Rescorla
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Matt Caswell
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Eric Rescorla
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Salz, Rich
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Matt Caswell
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Peter Gutmann
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Ilari Liusvaara
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Peter Gutmann
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Ilari Liusvaara
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Robert Ransom
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Robert Ransom
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Ilari Liusvaara
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Robert Ransom
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Alex Elsayed
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Watson Ladd
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Kurt Roeckx
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Dr Stephen Henson
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Robert Ransom
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Salz, Rich
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Dr Stephen Henson
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Watson Ladd
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Sean Turner
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Sean Turner
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Adam Langley
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Jim Schaad
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Salz, Rich
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Adam Langley
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Salz, Rich
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Watson Ladd
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Watson Ladd
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Salz, Rich
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Yoav Nir
- Re: [TLS] Additional Elliptic Curves (Curve25519 … Watson Ladd