Re: [TLS] Curve25519 in TLS

Rob Stradling <rob.stradling@comodo.com> Thu, 12 September 2013 20:57 UTC

Return-Path: <rob.stradling@comodo.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EADD321E808E for <tls@ietfa.amsl.com>; Thu, 12 Sep 2013 13:57:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id koq+tVeLrOR0 for <tls@ietfa.amsl.com>; Thu, 12 Sep 2013 13:57:27 -0700 (PDT)
Received: from mmmail1.mcr.colo.comodoca.net (mdfw.comodoca.net [91.209.196.68]) by ietfa.amsl.com (Postfix) with ESMTP id AFB1411E80AD for <tls@ietf.org>; Thu, 12 Sep 2013 13:57:11 -0700 (PDT)
Received: (qmail 18765 invoked from network); 12 Sep 2013 20:57:08 -0000
Received: from ian.brad.office.comodo.net (192.168.0.202) by mail.colo.comodoca.net with ESMTPS (DHE-RSA-AES256-SHA encrypted); 12 Sep 2013 20:57:08 -0000
Received: (qmail 9814 invoked by uid 1000); 12 Sep 2013 20:57:08 -0000
Received: from nigel.brad.office.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (CAMELLIA256-SHA encrypted) ESMTPSA; Thu, 12 Sep 2013 21:57:08 +0100
Message-ID: <52322AA3.4080503@comodo.com>
Date: Thu, 12 Sep 2013 21:57:07 +0100
From: Rob Stradling <rob.stradling@comodo.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Simon Josefsson <simon@josefsson.org>
References: <a84d7bc61003011620i66fc7dfdre62b548fdd5ef7dd@mail.gmail.com> <522D25B9.7010506@funwithsoftware.org> <56C25B1D-C80F-495A-806C-5DD268731CD4@qut.edu.au> <87zjrl21wp.fsf_-_@latte.josefsson.org> <522ED9A7.7080802@comodo.com> <87fvtbi8ow.fsf@latte.josefsson.org> <5231B8ED.7040301@comodo.com> <9330004B-0BC3-4EDB-91EE-5BA14A4A6CEF@checkpoint.com> <52321039.9060503@comodo.com> <5050f932-9321-449a-be2d-0ad8b667f2f2@email.android.com>
In-Reply-To: <5050f932-9321-449a-be2d-0ad8b667f2f2@email.android.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Patrick Pelletier <code@funwithsoftware.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Curve25519 in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Sep 2013 20:57:36 -0000

On 12/09/13 21:41, Simon Josefsson wrote:
<snip>
>>> Umm, the brainpool curves are available.
>>
>> Yes, and the brainpool curves are also available for key exchange.
>>
>> So why bother making curve25519 available for key exchange?
>
> For performance reasons?  It is more efficient.

So then...

>>> Also, I don't get why performance would be less critical than that of
>> ECDHE. In a full handshake, you do both an ECDSA signature and the
>> ECDHE operations. Why would one matter while the other does not?

...it sounds like it does make sense, for performance reasons, to allow 
Curve25519 (or Ed25519, presumably) to be used for keys in certs too.

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online