Re: [TLS] Testing consensus for adding curve25519 to the EC named curve registry

Russ Housley <housley@vigilsec.com> Tue, 02 March 2010 14:58 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6925628C117 for <tls@core3.amsl.com>; Tue, 2 Mar 2010 06:58:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.455
X-Spam-Level:
X-Spam-Status: No, score=-102.455 tagged_above=-999 required=5 tests=[AWL=0.144, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p+NHdY1ObIDI for <tls@core3.amsl.com>; Tue, 2 Mar 2010 06:58:32 -0800 (PST)
Received: from odin.smetech.net (mail.smetech.net [208.254.26.82]) by core3.amsl.com (Postfix) with ESMTP id 5B60A28C111 for <tls@ietf.org>; Tue, 2 Mar 2010 06:58:32 -0800 (PST)
Received: from localhost (unknown [208.254.26.81]) by odin.smetech.net (Postfix) with ESMTP id B67529A4730 for <tls@ietf.org>; Tue, 2 Mar 2010 09:58:50 -0500 (EST)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([208.254.26.82]) by localhost (ronin.smetech.net [208.254.26.81]) (amavisd-new, port 10024) with ESMTP id p7hwLClkqAI2 for <tls@ietf.org>; Tue, 2 Mar 2010 09:58:29 -0500 (EST)
Received: from [192.168.2.106] (pool-96-255-37-236.washdc.fios.verizon.net [96.255.37.236]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id C7BBA9A471B for <tls@ietf.org>; Tue, 2 Mar 2010 09:58:49 -0500 (EST)
Message-ID: <4B8D279E.4070304@vigilsec.com>
Date: Tue, 02 Mar 2010 09:58:38 -0500
From: Russ Housley <housley@vigilsec.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1
MIME-Version: 1.0
To: tls@ietf.org
References: <a84d7bc61003011620i66fc7dfdre62b548fdd5ef7dd@mail.gmail.com>
In-Reply-To: <a84d7bc61003011620i66fc7dfdre62b548fdd5ef7dd@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] Testing consensus for adding curve25519 to the EC named curve registry
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2010 14:58:33 -0000

I do not object to an additional code point being registered as long as
there is a document to explain how it works.  However, I also want to
understand the intellectual property issues, if any.  People have been
slow to adopt elliptic curve crypto due to intellectual property
concerns, which has prompted at least one document
(http://www.ietf.org/id/draft-mcgrew-fundamental-ecc-02.txt) on the topic.

Russ

On 3/1/2010 7:20 PM, Adam Langley wrote:
> We would like to start testing EC DHE in order to give our users
> forward-secrecy.
> 
> In order to do this cheaply, one of the curves that we would like to
> test with is curve25519[1]. There are several implementations of it
> [2][3][4] and it's 3-4x faster than NIST's p256 (as implemented in
> OpenSSL), while being constant-time.
> 
> Curve25519 doesn't currently appear on IANA's list of named curves[5]
> and we would like to see it included.
> 
> As a first step I'd like to ask if there are any objections?
> 
> 
> Cheers
> 
> AGL
> 
> 
> [1] http://cr.yp.to/ecdh/curve25519-20060209.pdf
> [2] http://cr.yp.to/ecdh.html
> [3] http://code.google.com/p/curve25519-donna/
> [4] http://bench.cr.yp.to/results-dh.html
> [5] http://www.iana.org/assignments/tls-parameters/