IETF Logo Mail Archive

Re: [TLS] Curve25519 in TLS and Additional Curves in TLS

Yoav Nir <ynir.ietf@gmail.com> Wed, 09 April 2014 16:09 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DE231A03A1 for <tls@ietfa.amsl.com>; Wed, 9 Apr 2014 09:09:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MfQ1V5EWntDw for <tls@ietfa.amsl.com>; Wed, 9 Apr 2014 09:09:40 -0700 (PDT)
Received: from mail-ee0-x22e.google.com (mail-ee0-x22e.google.com [IPv6:2a00:1450:4013:c00::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 573231A03B8 for <tls@ietf.org>; Wed, 9 Apr 2014 09:09:40 -0700 (PDT)
Received: by mail-ee0-f46.google.com with SMTP id t10so2066337eei.33 for <tls@ietf.org>; Wed, 09 Apr 2014 09:09:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=uH6/OuwRWl4j/4Ulv7R+wx4qOpn6HuZLA+32wlN1q0g=; b=PwfosChkZPiH2SZsnVGXtNHvZZkAl1m+4SixyJKFDVJgMrN94MTfAj2lHBx4+07+7+ 5dWFbRo8opXCwx/+z3zPu52DH711BjeR0MdsRSSm4XmTkt03s7Sumd9kuQ+JdaudbO4+ mo8H3o+uJjyemc+2V+KXY80YSndN/w9d5VukZrQm7SKYR8MsRCEsK5MU6hiwCUwoRBBX EUZkEQHysxtOV8wrmvZ5wGdWSvEhBLL0TQJDokHcaTGz5bpk+OlIEuoTj28Lzgi51OjM qzpxjQPJWRkX9qRt/zkru1f8RJJzcBS1C/pMT1ELTsZBkt3boeDqGKZhWib/6YReEWh9 /uSQ==
X-Received: by 10.15.10.3 with SMTP id f3mr13348541eet.1.1397059779399; Wed, 09 Apr 2014 09:09:39 -0700 (PDT)
Received: from [192.168.243.52] ([192.116.177.210]) by mx.google.com with ESMTPSA id e42sm3194523eev.32.2014.04.09.09.09.38 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 09 Apr 2014 09:09:38 -0700 (PDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <53456DF1.7080904@brainhub.org>
Date: Wed, 09 Apr 2014 19:09:36 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <29C7A26E-6B79-44F0-ADFD-C14FFB4AA6BC@gmail.com>
References: <87ob3456s1.fsf@latte.josefsson.org> <20140402164340.GA14790@roeckx.be> <20140407115102.3011d2e5@latte.josefsson.org> <CACsn0cmFLO2n8d-FVVb4wu=G5T88E7rRd8b=eYo-1uMZnMxkOQ@mail.gmail.com> <5344BD77.2020106@fifthhorseman.net> <2A0EFB9C05D0164E98F19BB0AF3708C7120AC18CAE@USMBX1.msg.corp.akamai.com> <1397044231.4019.4.camel@dhcp-2-127.brq.redhat.com> <4abda243-3fc2-4087-92f8-3db02769384f@email.android.com> <1397048457.4019.22.camel@dhcp-2-127.brq.redhat.com> <CACsn0ckyaGO9hqn7pDVE2VR-TWs5v+Y6NsnCqCvrwFGyUGfZ3A@mail.gmail.com> <53456DF1.7080904@brainhub.org>
To: Andrey Jivsov <crypto@brainhub.org>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/fMjgss9H1v0kNfKsYpBd_vA-AsU
Cc: tls@ietf.org
Subject: Re: [TLS] Curve25519 in TLS and Additional Curves in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Apr 2014 16:09:45 -0000

On Apr 9, 2014, at 6:57 PM, Andrey Jivsov <crypto@brainhub.org> wrote:

> Re endianess,
> 
> shouldn't the decision here be based on the current distribution of little v.s. big endian architecture on CPUs that are likely used in TLS servers and accelerators?
> 
> ( It doesn't matter much for end-clients, I suppose. One may argue that this doesn't matter for the rest either. But then the argument goes that the big endian is the traditional canonical representation. )

It became the canonical representation when the Internet ran on Sun boxes with Sparc chips, which were Big-endian, and a little bit on other platforms such as mainframes and powerPCs (which were also big-endian) and VAX and Intel (which were little-endian). Now Intel dominates the servers, and the clients are split among Intel and ARM, both of which are little-endian. 

Regardless, reversing a string of bytes is such an efficient process, that it probably makes no measurable difference in performance which way the bits on the wire are read and written.

I think the decision should be made based on convenience and the chance for errors, although I can’t tell which way that goes. BTW: the same decision should be made for ChaCha/Salsa and Poly1305.

Yoav

v2.23.0 | Report a Bug | By Email