Re: [TLS] Additional Elliptic Curves (Curve25519 etc) for TLS ECDH key agreement

"Salz, Rich" <rsalz@akamai.com> Sun, 12 January 2014 19:21 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: "tls@ietf.org" <tls@ietf.org>, "Stephen Farrell (stephen.farrell@cs.tcd.ie)" <stephen.farrell@cs.tcd.ie>, "Sean Turner (turners@ieca.com)" <turners@ieca.com>
Date: Sun, 12 Jan 2014 14:21:16 -0500
Thread-Topic: [TLS] Additional Elliptic Curves (Curve25519 etc) for TLS ECDH key agreement
Thread-Index: Ac8Pr/8VO9F1c/nhTsmmkBsl/ZuFHwAGrM6w
Message-ID: <2A0EFB9C05D0164E98F19BB0AF3708C711E8766BFF@USMBX1.msg.corp.akamai.com>
References: <87eh4e7a2y.fsf@latte.josefsson.org> <52D17F30.1090008@drh-consultancy.co.uk> <52D2AB07.7010806@polarssl.org> <52D2B678.7010302@drh-consultancy.co.uk> <52D2BD0B.1020007@polarssl.org>
In-Reply-To: <52D2BD0B.1020007@polarssl.org>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Simon Josefsson <simon@josefsson.org>
Subject: Re: [TLS] Additional Elliptic Curves (Curve25519 etc) for TLS ECDH key agreement
Precedence: list

I don't want this question to get lost in the general discussion so I am explicitly addressing this to the AD's

>> I think we should keep this consistency and have the point format for 
>> the new curves defined in one standard, whatever that might be.

> Since this format may be used by more than just TLS, and was originally defined outside the IETF, what would
> be the most appropriate place to discuss extending it?

Some folks have been working on a concrete proposal, which is that we "take" 0x41 as a new marker byte in ECPoint, and use that to mean "key format defined by the curve"  Ask IANA to maintain a curve point-format registry.  For example, Curve25519 would have 0x41 followed by the 32 bytes of x-value for the key.

So, where should such a document be started?

Many of us are feeling pressure to implement ECDHA to get PFS for our customers, and see the efficiency of Curve25519 as very important.  That is, the  clock is ticking...

	/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA

[TLS] Additional Elliptic Curves (Curve25519 etc)… Simon Josefsson
Re: [TLS] Additional Elliptic Curves (Curve25519 … Dr Stephen Henson
Re: [TLS] Additional Elliptic Curves (Curve25519 … Watson Ladd
Re: [TLS] Additional Elliptic Curves (Curve25519 … Dr Stephen Henson
Re: [TLS] Additional Elliptic Curves (Curve25519 … Robert Ransom
Re: [TLS] Additional Elliptic Curves (Curve25519 … Alyssa Rowan
Re: [TLS] Additional Elliptic Curves (Curve25519 … Dr Stephen Henson
Re: [TLS] Additional Elliptic Curves (Curve25519 … Robert Ransom
Re: [TLS] Additional Elliptic Curves (Curve25519 … Alyssa Rowan
Re: [TLS] Additional Elliptic Curves (Curve25519 … Adam Langley
Re: [TLS] Additional Elliptic Curves (Curve25519 … Kurt Roeckx
Re: [TLS] Additional Elliptic Curves (Curve25519 … Adam Langley
Re: [TLS] Additional Elliptic Curves (Curve25519 … Matt Caswell
Re: [TLS] Additional Elliptic Curves (Curve25519 … Stephen Farrell
Re: [TLS] Additional Elliptic Curves (Curve25519 … Eric Rescorla
Re: [TLS] Additional Elliptic Curves (Curve25519 … Matt Caswell
Re: [TLS] Additional Elliptic Curves (Curve25519 … Eric Rescorla
Re: [TLS] Additional Elliptic Curves (Curve25519 … Salz, Rich
Re: [TLS] Additional Elliptic Curves (Curve25519 … Matt Caswell
Re: [TLS] Additional Elliptic Curves (Curve25519 … Peter Gutmann
Re: [TLS] Additional Elliptic Curves (Curve25519 … Ilari Liusvaara
Re: [TLS] Additional Elliptic Curves (Curve25519 … Peter Gutmann
Re: [TLS] Additional Elliptic Curves (Curve25519 … Ilari Liusvaara
Re: [TLS] Additional Elliptic Curves (Curve25519 … Robert Ransom
Re: [TLS] Additional Elliptic Curves (Curve25519 … Robert Ransom
Re: [TLS] Additional Elliptic Curves (Curve25519 … Ilari Liusvaara
Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
Re: [TLS] Additional Elliptic Curves (Curve25519 … Robert Ransom
Re: [TLS] Additional Elliptic Curves (Curve25519 … Alex Elsayed
Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
Re: [TLS] Additional Elliptic Curves (Curve25519 … Watson Ladd
Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
Re: [TLS] Additional Elliptic Curves (Curve25519 … Kurt Roeckx
Re: [TLS] Additional Elliptic Curves (Curve25519 … Dr Stephen Henson
Re: [TLS] Additional Elliptic Curves (Curve25519 … Robert Ransom
Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
Re: [TLS] Additional Elliptic Curves (Curve25519 … Salz, Rich
Re: [TLS] Additional Elliptic Curves (Curve25519 … Dr Stephen Henson
Re: [TLS] Additional Elliptic Curves (Curve25519 … Watson Ladd
Re: [TLS] Additional Elliptic Curves (Curve25519 … Sean Turner
Re: [TLS] Additional Elliptic Curves (Curve25519 … Sean Turner
Re: [TLS] Additional Elliptic Curves (Curve25519 … Adam Langley
Re: [TLS] Additional Elliptic Curves (Curve25519 … Jim Schaad
Re: [TLS] Additional Elliptic Curves (Curve25519 … Salz, Rich
Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
Re: [TLS] Additional Elliptic Curves (Curve25519 … Adam Langley
Re: [TLS] Additional Elliptic Curves (Curve25519 … Salz, Rich
Re: [TLS] Additional Elliptic Curves (Curve25519 … Manuel Pégourié-Gonnard
Re: [TLS] Additional Elliptic Curves (Curve25519 … Watson Ladd
Re: [TLS] Additional Elliptic Curves (Curve25519 … Watson Ladd
Re: [TLS] Additional Elliptic Curves (Curve25519 … Salz, Rich
Re: [TLS] Additional Elliptic Curves (Curve25519 … Yoav Nir
Re: [TLS] Additional Elliptic Curves (Curve25519 … Watson Ladd