Re: [TLS] Unwarrented change to point formats

Eric Rescorla <ekr@rtfm.com> Sun, 27 July 2014 21:37 UTC

To: Watson Ladd <watsonbladd@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/_GQNceJK6EhZ-IP9B_yUq6W-T5o
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "tls@ietf.org" <tls@ietf.org>

On Sun, Jul 27, 2014 at 1:39 PM, Watson Ladd <watsonbladd@gmail.com> wrote:

> On Sun, Jul 27, 2014 at 1:26 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>
> > To take a specific set of cases. TLS has three major uses for public key
> > crypto of this type:
> >
> > - Key establishment
> > - Digital signatures over handshake messages (ServerKeyExchange,
> >   CertificateVerify, etc.)
> > - Digital signatures over certificates.
> >
> > It seems likely that key establishment shares common requirements for
> > multiple protocols. Similarly, it would be quite convenient if the
> > signatures used in TLS were the same as those used for the certificates
> > used for TLS, even though the latter are not defined in TLS. So, when I
> > say an IETF-wide set of recommendations that's the kind of thing I mean.
> >
> > I wasn't aware that any of this was particularly controversial.
>
> You had a draft in hand, got a reply that "yeah, looks good", and then
> went back to ask for a completely different design process, for reasons
> never discussed. It's the second round that's confusing me.

This does not match my understanding of the history.

Rather, here's my memory:

1. We asked the CFRG for a recommendation.

2. The CFRG held an interim discussion where a lot of good things
were said about Curve25519 but the CFRG never made a recommendation
to the TLS WG, but instead said it would come back and make
a recommendation.

3. The TLS Chairs sent the CFRG chairs a written request to make
such a recommendation (my memory is that they actually asked us
to write something down, but I don't immediately see it in my mail.)

Which brings us to the current process being run in CFRG.

-Ekr