IETF Logo Mail Archive

Re: [TLS] Should we require compressed points

Andrei Popov <Andrei.Popov@microsoft.com> Wed, 22 October 2014 18:15 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E71F41ACF18 for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 11:15:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RrXBkRIA3mRj for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 11:15:13 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0117.outbound.protection.outlook.com [207.46.100.117]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36FA81ACEED for <tls@ietf.org>; Wed, 22 Oct 2014 11:15:13 -0700 (PDT)
Received: from BL2PR03MB419.namprd03.prod.outlook.com (10.141.92.18) by BL2PR03MB420.namprd03.prod.outlook.com (10.141.92.25) with Microsoft SMTP Server (TLS) id 15.0.1054.13; Wed, 22 Oct 2014 18:15:11 +0000
Received: from BL2PR03MB419.namprd03.prod.outlook.com ([10.141.92.18]) by BL2PR03MB419.namprd03.prod.outlook.com ([10.141.92.18]) with mapi id 15.00.1054.004; Wed, 22 Oct 2014 18:15:11 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Should we require compressed points
Thread-Index: AQHP7T7GIZmtj79MzkKyCxpOg7rXUJw8aWnQ
Date: Wed, 22 Oct 2014 18:15:11 +0000
Message-ID: <1799fe49d54b4d43acc26778b9265c8a@BL2PR03MB419.namprd03.prod.outlook.com>
References: <CABcZeBMqdwWTFxGAqaC9PqhzbgZM5yOf2TTq7pVCjyw_X+3Zkg@mail.gmail.com>
In-Reply-To: <CABcZeBMqdwWTFxGAqaC9PqhzbgZM5yOf2TTq7pVCjyw_X+3Zkg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [2001:4898:80e8:ed31::3]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:;SRVR:BL2PR03MB420;
x-exchange-antispam-report-test: UriScan:;
x-forefront-prvs: 037291602B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(377454003)(189002)(199003)(20776003)(19617315012)(4396001)(95666004)(99286002)(64706001)(31966008)(16236675004)(15202345003)(107046002)(107886001)(87936001)(33646002)(74316001)(106356001)(19300405004)(2656002)(40100003)(108616004)(85306004)(76176999)(15975445006)(54356999)(85852003)(122556002)(19580395003)(19580405001)(19609705001)(21056001)(50986999)(92566001)(76576001)(46102003)(76482002)(86362001)(105586002)(106116001)(19625215002)(80022003)(99396003)(86612001)(2501002)(101416001)(120916001)(97736003)(3826002)(24736002); DIR:OUT; SFP:1102; SCL:1; SRVR:BL2PR03MB420; H:BL2PR03MB419.namprd03.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
Content-Type: multipart/alternative; boundary="_000_1799fe49d54b4d43acc26778b9265c8aBL2PR03MB419namprd03pro_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/lTZBo7COoKX7pH62RyysxaBJIuY
Subject: Re: [TLS] Should we require compressed points
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Oct 2014 18:15:16 -0000

A few considerations:

-          The “IPR has expired” statement will require legal validation before an implementer can bake point compression into products;

-          Fewer bytes on the wire/more CPU is a good tradeoff in some scenarios, but probably not in every scenario;

-          Requiring support for point compression imposes additional (even if relatively minor, in the scale of things) cost for TLS1.3 implementers.

What are the reasons for getting rid of uncompressed points?

Cheers,

Andrei

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Eric Rescorla
Sent: Tuesday, October 21, 2014 7:52 AM
To: tls@ietf.org
Subject: [TLS] Should we require compressed points

https://github.com/tlswg/tls13-spec/issues/80

Today we discussed the possibility of requiring support for compressed points
in TLS 1.3 now that the IPR has expired.

Specifically, I propose that for TLS 1.3, we:

- Use only compressed points for the existing curves (and presumably
  whatever superior format is defined for the CFRG-recommended
  curves, as appropriate).

- Deprecate the Supported Point Formats extension for TLS 1.3


For RFC 4492-bis, we might also consider requiring support for compressed
points as well as uncompressed (already required) but this seems like a
separable issue, since it's mostly in service of optimization rather than
simplicity.

What do people think?
-Ekr

v2.36.0 | Report a Bug | By Email | System Status