IETF Logo Mail Archive

Re: [TLS] Curve25519 in TLS and Additional Curves in TLS

Manuel Pégourié-Gonnard <mpg@polarssl.org> Thu, 03 April 2014 19:15 UTC

Return-Path: <mpg@polarssl.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28FE61A02B8 for <tls@ietfa.amsl.com>; Thu, 3 Apr 2014 12:15:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.994
X-Spam-Level:
X-Spam-Status: No, score=0.994 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, J_CHICKENPOX_75=0.6, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2DyWJRtBlJHy for <tls@ietfa.amsl.com>; Thu, 3 Apr 2014 12:15:21 -0700 (PDT)
Received: from vps2.brainspark.nl (vps2.brainspark.nl [141.138.204.106]) by ietfa.amsl.com (Postfix) with ESMTP id D0F2F1A0295 for <tls@ietf.org>; Thu, 3 Apr 2014 12:15:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=polarssl.org; s=exim; h=Subject:Content-Transfer-Encoding:Content-Type:In-Reply-To:References:CC:To:MIME-Version:From:Date:Message-ID; bh=HJIqkqqk93Y/H5jO2U6al65uNdOHQ2Ovbg2wUr1QuJE=; b=AIr+3J7G2S1EEXpQ/OUrXzuESfO4zWVY3fXnGPIj0XU4sjuaeDRpJIb/GyPuyoYbpNZ4i0WwqV2wRVQhilJaT4gCbubS/qDuc7cgKqfuoB0znWa+sp2gT/5brsF5VH27XvWD6lUkiDgky12tnD38Rkxd1Jj7wCYfoTOj8bAciOo=;
Received: from thue.elzevir.fr ([88.165.216.11] helo=[192.168.0.124]) by vps2.brainspark.nl with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <mpg@polarssl.org>) id 1WVn6I-0001th-1c; Thu, 03 Apr 2014 21:14:59 +0200
Message-ID: <533DB33C.2060106@polarssl.org>
Date: Thu, 03 Apr 2014 21:15:08 +0200
From: Manuel Pégourié-Gonnard <mpg@polarssl.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Andrey Jivsov <crypto@brainhub.org>, "tls@ietf.org" <tls@ietf.org>
References: <87ob3456s1.fsf@latte.josefsson.org> <20140402164340.GA14790@roeckx.be> <533C554A.7080607@akr.io> <533CF9C5.7030107@brainhub.org> <533D2207.807@polarssl.org> <CACsn0cmevdjDv0TgS3mczcxpeSz=1cbc3Wp_d--VeXqvPgitww@mail.gmail.com> <533D9BEA.9030907@brainhub.org>
In-Reply-To: <533D9BEA.9030907@brainhub.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-SA-Exim-Connect-IP: 88.165.216.11
X-SA-Exim-Mail-From: mpg@polarssl.org
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000)
X-SA-Exim-Scanned: Yes (on vps2.brainspark.nl)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/pR7OkyXeNAPGwAOtoc2UW5XuRXg
Subject: Re: [TLS] Curve25519 in TLS and Additional Curves in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Apr 2014 19:15:25 -0000

On 03/04/2014 19:35, Andrey Jivsov wrote:
> My reply regarding the current draft with clarification from Manuel follows:
> 
> RFC 5246 is listed as a normative reference. As such, it defines the the 
> encoding for the
> 
>     opaque something <1..2^8-1>
> 
> The reader is expected to know that "something" is encoded with an additional byte for the length. Thus, I find the item (2) in sec. 2.3 confusing (IMHO more confusing than helpful).
> 
>>     Note that ECPoint.point differs from the definition of public keys in
>>     [Curve25519  <http://tools.ietf.org/html/draft-josefsson-tls-curve25519-04#ref-Curve25519>] in two ways: (1) the byte-ordering is big-endian, wich
>>     is more uniform with how big integers are represented in TLS, and (2)
>>     there is an additional length byte (so ECpoint.point is actually 33
>>     bytes), again for uniformity (and extensibility).
> 
> Would the following be clearer:
> 
>> Unlike the definition of public keys specified in [Curve25519],
>> ECPoint.point uses big-endian byte ordering. As defined in [RFC5246],
>> the ECPoint.point is serialized with one-byte block size. The payload must be 32
>> bytes, even when one or more leading bytes are zeros.
> 
Thanks for the helpful suggestion.

Manuel.

v2.23.0 | Report a Bug | By Email