Re: [TLS] I-D Action: draft-ietf-tls-curve25519-01.txt

Hubert Kario <hkario@redhat.com> Tue, 14 July 2015 08:34 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E72061A909D for <tls@ietfa.amsl.com>; Tue, 14 Jul 2015 01:34:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5B93oeqyxK2S for <tls@ietfa.amsl.com>; Tue, 14 Jul 2015 01:34:41 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A72B01A9094 for <tls@ietf.org>; Tue, 14 Jul 2015 01:34:41 -0700 (PDT)
Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (Postfix) with ESMTPS id C1F1536506A; Tue, 14 Jul 2015 08:34:40 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (ovpn-112-73.ams2.redhat.com [10.36.112.73]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t6E8YZXf030554 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 14 Jul 2015 04:34:40 -0400
From: Hubert Kario <hkario@redhat.com>
To: Simon Josefsson <simon@josefsson.org>
Date: Tue, 14 Jul 2015 10:34:26 +0200
Message-ID: <17744104.AefDTyBEY2@pintsize.usersys.redhat.com>
User-Agent: KMail/4.14.9 (Linux/4.0.6-200.fc21.x86_64; KDE/4.14.9; x86_64; ; )
In-Reply-To: <87k2u5samu.fsf@latte.josefsson.org>
References: <20150706114814.10143.87075.idtracker@ietfa.amsl.com> <2960351.rch1apE1uy@pintsize.usersys.redhat.com> <87k2u5samu.fsf@latte.josefsson.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart2023122.mchXszdtPV"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/qESD8pHiPHVTzPxPdtAa187Uk1Q>
Cc: tls@ietf.org
Subject: Re: [TLS] I-D Action: draft-ietf-tls-curve25519-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jul 2015 08:34:43 -0000

On Sunday 12 July 2015 16:39:37 Simon Josefsson wrote:
> Hubert Kario <hkario@redhat.com> writes:
> > As is described in secion 5.1. of RFC 4492, and then reiterated in
> > section 2.2. of this draft - the elliptic_curves (a.k.a. supported_groups)
> > guides both the ECDH curves and curves understandable by peer for ECDSA
> > signatures.
> > 
> > As Curve25519 and Curve448 can only be used for ECDHE, maybe they should
> > be
> > 
> > defined/named in the registry as such, to remove any ambiguity[1]:
> >          enum {
> >          
> >               Curve25519_ecdh(TBD1),
> >               Curve448_ecdh(TBD2),
> >          
> >          } NamedCurve;
> 
> I don't care strongly.  One disadvantage with this is that if we decide
> to reuse these NamedCurve allocations to have something to do with
> Ed25519, the naming above will be confusing.  However, I believe it is
> already likely that Ed25519 will have its own NamedCurve.

Given that there certainly will be implementations that support ecdh and not 
the signatures, we certainly *don't* want to reuse this codepoint for anything 
else.

So unless the PKIX and TLS parts are defined at the same time, in the same 
document, we definitely need to keep them apart.
-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic