Re: [TLS] Using Brainpool curves in TLS
Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed, 16 October 2013 14:25 UTC
Return-Path: <mpg@elzevir.fr>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D5A911E82A8 for <tls@ietfa.amsl.com>; Wed, 16 Oct 2013 07:25:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.949
X-Spam-Level:
X-Spam-Status: No, score=-1.949 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_FR=0.35, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cZ+Gij3K4Q8U for <tls@ietfa.amsl.com>; Wed, 16 Oct 2013 07:25:18 -0700 (PDT)
Received: from mordell.elzevir.fr (mordell.elzevir.fr [92.243.3.74]) by ietfa.amsl.com (Postfix) with ESMTP id 8D43911E826F for <tls@ietf.org>; Wed, 16 Oct 2013 07:25:15 -0700 (PDT)
Received: from thue.elzevir.fr (thue.elzevir.fr [88.165.216.11]) by mordell.elzevir.fr (Postfix) with ESMTPS id EB4B316153; Wed, 16 Oct 2013 16:25:11 +0200 (CEST)
Received: from [192.168.0.124] (unknown [192.168.0.254]) by thue.elzevir.fr (Postfix) with ESMTPSA id 8EF40260A6; Wed, 16 Oct 2013 16:25:10 +0200 (CEST)
Message-ID: <525EA1C6.5030909@elzevir.fr>
Date: Wed, 16 Oct 2013 16:25:10 +0200
From: Manuel Pégourié-Gonnard <mpg@elzevir.fr>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.0
MIME-Version: 1.0
To: Tom Ritter <tom@ritter.vg>, Johannes Merkle <johannes.merkle@secunet.com>
References: <525C11B5.2050604@secunet.com> <525CEFA4.2030903@funwithsoftware.org> <01b901cec9a0$004e12b0$00ea3810$@offspark.com> <CACsn0ckOnrQTOLdUo9gT8hbTx4cEqX9CP6=BRFYtpV1CpT7HXQ@mail.gmail.com> <525E3E6B.1020604@secunet.com> <CA+cU71=ws7Uh6OuJhMdU521Uvm1zj=agb3HPNZudpX1R6v7mXA@mail.gmail.com>
In-Reply-To: <CA+cU71=ws7Uh6OuJhMdU521Uvm1zj=agb3HPNZudpX1R6v7mXA@mail.gmail.com>
X-Enigmail-Version: 1.5.2
OpenPGP: id=98EED379; url=https://elzevir.fr/gpg/mpg.asc
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Patrick Pelletier <code@funwithsoftware.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Using Brainpool curves in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2013 14:25:33 -0000
On 16/10/2013 15:32, Tom Ritter wrote: > I'm not sure I agree with them fully, but I also don't have very much > context. (My thoughts when reading that is "Why sqrt(2) and sqrt(3) > instead of pi and e - what makes those constants more trustworthy?") > I think the point is not that sqrt(2) and sqrt(3) would be better constants that pi, e, or any other constant. It's just that there are a few bits of freedom in the choice of parameters, which makes the curve "not fully rigid". This is obviously not a security concern unless you believe there is a class of weak curves with quite high density, which would IMO be very bad news for ECC in general, not only these particular curves. Which is probably why the authors of the page chose a nice green color and check symbol for both "fully rigid" and "somewhat rigid", as opposed to the frightening red color of the other classe of curves. Manuel.
- [TLS] Using Brainpool curves in TLS Johannes Merkle
- Re: [TLS] Using Brainpool curves in TLS Patrick Pelletier
- Re: [TLS] Using Brainpool curves in TLS Peter Gutmann
- Re: [TLS] Using Brainpool curves in TLS Dr Stephen Henson
- Re: [TLS] Using Brainpool curves in TLS Paul Bakker
- Re: [TLS] Using Brainpool curves in TLS Paul Bakker
- Re: [TLS] Using Brainpool curves in TLS Dr Stephen Henson
- Re: [TLS] Using Brainpool curves in TLS Paul Bakker
- Re: [TLS] Using Brainpool curves in TLS Paul Bakker
- Re: [TLS] Using Brainpool curves in TLS Watson Ladd
- Re: [TLS] Using Brainpool curves in TLS Nico Williams
- Re: [TLS] Using Brainpool curves in TLS Watson Ladd
- Re: [TLS] Using Brainpool curves in TLS Nico Williams
- Re: [TLS] Using Brainpool curves in TLS Martin Rex
- Re: [TLS] Using Brainpool curves in TLS Watson Ladd
- Re: [TLS] Using Brainpool curves in TLS Martin Rex
- Re: [TLS] Using Brainpool curves in TLS Johannes Merkle
- Re: [TLS] Using Brainpool curves in TLS Tom Ritter
- Re: [TLS] Using Brainpool curves in TLS Manuel Pégourié-Gonnard
- Re: [TLS] Using Brainpool curves in TLS Johannes Merkle
- Re: [TLS] Using Brainpool curves in TLS Johannes Merkle
- Re: [TLS] Using Brainpool curves in TLS Watson Ladd
- Re: [TLS] Using Brainpool curves in TLS Johannes Merkle
- Re: [TLS] Using Brainpool curves in TLS Johannes Merkle
- Re: [TLS] Using Brainpool curves in TLS Nico Williams
- Re: [TLS] Using Brainpool curves in TLS Michael D'Errico
- Re: [TLS] Using Brainpool curves in TLS Anders Rundgren
- Re: [TLS] Using Brainpool curves in TLS Johannes Merkle
- Re: [TLS] Using Brainpool curves in TLS Nico Williams
- Re: [TLS] Using Brainpool curves in TLS Manuel Pégourié-Gonnard
- Re: [TLS] Using Brainpool curves in TLS Nico Williams
- Re: [TLS] Using Brainpool curves in TLS Manuel Pégourié-Gonnard
- Re: [TLS] Using Brainpool curves in TLS Watson Ladd
- Re: [TLS] Using Brainpool curves in TLS Manuel Pégourié-Gonnard
- Re: [TLS] Using Brainpool curves in TLS Peter Gutmann