Re: [TLS] sect571r1

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Thu, 16 July 2015 00:10 UTC

Return-Path: <prvs=4639a037fa=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FCC11A1B5A for <tls@ietfa.amsl.com>; Wed, 15 Jul 2015 17:10:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.208
X-Spam-Level:
X-Spam-Status: No, score=-4.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n5QSOrD5E2eW for <tls@ietfa.amsl.com>; Wed, 15 Jul 2015 17:10:33 -0700 (PDT)
Received: from mx1.ll.mit.edu (MX1.LL.MIT.EDU [129.55.12.45]) by ietfa.amsl.com (Postfix) with ESMTP id DF22D1A8861 for <tls@ietf.org>; Wed, 15 Jul 2015 17:10:32 -0700 (PDT)
Received: from LLE2K10-HUB02.mitll.ad.local (LLE2K10-HUB02.mitll.ad.local) by mx1.ll.mit.edu (unknown) with ESMTP id t6G0AUHs008327; Wed, 15 Jul 2015 20:10:30 -0400
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Brian Smith <brian@briansmith.org>
Thread-Topic: [TLS] sect571r1
Thread-Index: AdC/W9L2JSx8WBrRi0ybYAg/tRHgxw==
Date: Thu, 16 Jul 2015 00:10:29 +0000
Message-ID: <20150716001036.17764416.75486.9550@ll.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="===============1186910850=="
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.14.151, 1.0.33, 0.0.0000 definitions=2015-07-15_07:2015-07-15,2015-07-15,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1506180000 definitions=main-1507150318
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/mEs6rQYof4kFpKmFIiEJTJ2i-Hs>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] sect571r1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jul 2015 00:10:35 -0000

This I absolutely cannot agree. P521 must stay, as part of the supported NIST standard (which BTW we use).

Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
From: Brian Smith‎
Sent: Wednesday, July 15, 2015 19:40
To: Tony Arcieri‎
Cc: <tls@ietf.org>
Subject: Re: [TLS] sect571r1
‎
Tony Arcieri <bascule@gmail.com> wrote:
On Wed, Jul 15, 2015 at 2:39 PM, Dave Garrett <davemgarrett@gmail.com> wrote:
It's the most used of the rarely used curves.

I think all "rarely used curves" should be removed from TLS. Specifically, I think it would make sense for TLS to adopt a curve portfolio like this:

- CFRG curves (RECOMMENDED): Curve25519, Ed448-Goldilocks
- NIST curves (SUPPORTED): P-256, P-384, P-521

I agree, except that I think we should get rid of P-521 too.

Cheers,
Brian