Re: [TLS] Using Brainpool curves in TLS

mrex@sap.com (Martin Rex) Wed, 16 October 2013 02:52 UTC


Nico Williams wrote:
> 
> > but it is trivial to introduce backdoors into implementations of them.
> 
> Do you mean that it's easier to backdoor implementations of specific
> EC curves than, say, RSA?  I would think that implementations of...
> just about anything can be backdoored with relative ease.

I assume that he might have meant what is also indicated on the
referenced Web Site http://safecurves.cr.yp.to/
that it is extremely difficult to implement ECC and _NOT_ hang yourself.

It would not surprise me at all if the vast majority of ECC
implementations would be found to be vulnerable to serious
weaknesses, when carefully analyzed, and that the problems found
in the RSA part would be *MUCH* smaller in comparison.

-Martin