Re: [TLS] Using Brainpool curves in TLS

Nico Williams <nico@cryptonector.com> Thu, 17 October 2013 16:40 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5137211E8295 for <tls@ietfa.amsl.com>; Thu, 17 Oct 2013 09:40:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.946
X-Spam-Level:
X-Spam-Status: No, score=-1.946 tagged_above=-999 required=5 tests=[AWL=-0.269, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DRlQKYghZdjs for <tls@ietfa.amsl.com>; Thu, 17 Oct 2013 09:40:42 -0700 (PDT)
Received: from homiemail-a105.g.dreamhost.com (caiajhbdcahe.dreamhost.com [208.97.132.74]) by ietfa.amsl.com (Postfix) with ESMTP id 2DC6411E81BE for <tls@ietf.org>; Thu, 17 Oct 2013 09:40:42 -0700 (PDT)
Received: from homiemail-a105.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a105.g.dreamhost.com (Postfix) with ESMTP id EAE7F2005D90B for <tls@ietf.org>; Thu, 17 Oct 2013 09:40:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s= cryptonector.com; bh=J6h60fYCjXs1GlChzQmyhe1lfBY=; b=V0OimawPHNp l4AUTcr+bWgvW4VkprfCMb6/jvxolA4gLTpYJNRobKKGhei7tWoBIyquz9ZwoFkg ITB6lBVQif3JEfzSeFNApeJLO1oJ5dslxRQra536OLqiz4iRW9DdJC0xK9WZABGy ceE2sKxCZ/rY5JvkFhpUh8ili7N1Dhyw=
Received: from mail-wg0-f50.google.com (mail-wg0-f50.google.com [74.125.82.50]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a105.g.dreamhost.com (Postfix) with ESMTPSA id 8FEA52005D90A for <tls@ietf.org>; Thu, 17 Oct 2013 09:40:41 -0700 (PDT)
Received: by mail-wg0-f50.google.com with SMTP id n12so2578851wgh.5 for <tls@ietf.org>; Thu, 17 Oct 2013 09:40:40 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=cx79hANOnpe2kj+bB/JKkcuIec3/KsBUVXw5yB2iSXw=; b=M5ViLnNSx6CnYXDIafjBtmHFQHSKn6gTJFc0HYwktBwxO+lBu5TAnkt7vY6+FImM8I LbU4YzAOC688/F3TtnXJVh6YiOmZ6fSfzxJE/72azTIhVNwV7tn+cns4sUKhH9Voc74t LI9idd6ex2MbG9pPiwjn/xRTQtJqD4/KX22VSl34q/tp+Rb2umNaWAGiN1kCJUMcVOGG i9etGNSitMd1AqVTxXo7VwoecSQDOCh6YW33jjUEtnXeC2aqGp8aJ9k+mubrNv5Jly8q t2oWG2tsoJXjRR7YYLhWRTfpFbO5VZvgjXiw4fH610O9RjjdvcdcSxA5ogds63gtEsIg Op5A==
MIME-Version: 1.0
X-Received: by 10.180.198.79 with SMTP id ja15mr7689623wic.36.1382028040041; Thu, 17 Oct 2013 09:40:40 -0700 (PDT)
Received: by 10.216.151.136 with HTTP; Thu, 17 Oct 2013 09:40:39 -0700 (PDT)
In-Reply-To: <52600F6B.3020404@elzevir.fr>
References: <525C11B5.2050604@secunet.com> <525CEFA4.2030903@funwithsoftware.org> <01b901cec9a0$004e12b0$00ea3810$@offspark.com> <CACsn0ckOnrQTOLdUo9gT8hbTx4cEqX9CP6=BRFYtpV1CpT7HXQ@mail.gmail.com> <525E3E6B.1020604@secunet.com> <CA+cU71=ws7Uh6OuJhMdU521Uvm1zj=agb3HPNZudpX1R6v7mXA@mail.gmail.com> <525EAC5D.7080105@secunet.com> <CACsn0cmWpj1ax+S+wTVvVU09SC_z50X=yfhDDgaq1M0AQD2jOw@mail.gmail.com> <525EB695.9070607@secunet.com> <CAK3OfOhhxPPFTE9He+vf3BsJL4qiRgty6T9TgO2QXz7n=kbpnA@mail.gmail.com> <525FA70F.8030208@secunet.com> <CAK3OfOjkoyMkJO5xO0i2AxDr57tuUw9pVM5=c2hVO_ihwmKP3w@mail.gmail.com> <52600F6B.3020404@elzevir.fr>
Date: Thu, 17 Oct 2013 11:40:39 -0500
Message-ID: <CAK3OfOih+uaoQcexEaZYk2bHZAGtD-G1Y_UDJW-qxPnB44Ebyg@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: =?UTF-8?Q?Manuel_P=C3=A9gouri=C3=A9=2DGonnard?= <mpg@elzevir.fr>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: Patrick Pelletier <code@funwithsoftware.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Using Brainpool curves in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Oct 2013 16:40:49 -0000

On Thu, Oct 17, 2013 at 11:25 AM, Manuel Pégourié-Gonnard
<mpg@elzevir.fr>; wrote:
> On 17/10/2013 17:55, Nico Williams wrote:
>> The fact that some curve has twist
>> security means that for DH there's no need to validate that public
>> keys are points on the curve
>
> Not if your peer sends you (x, y). Your statement is true only in ECDH schemes
> where the peers sends only x (and you don't attempt to find y).

Fair enough, but as the subject was Brainpool vs. Curve25519...