Re: [TLS] Testing consensus for adding curve25519 to the EC named curve registry
"Rob P Williams" <rwilliams@certicom.com> Tue, 02 March 2010 15:20 UTC
Return-Path: <rwilliams@certicom.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 304D628C0F0 for <tls@core3.amsl.com>; Tue, 2 Mar 2010 07:20:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.203
X-Spam-Level:
X-Spam-Status: No, score=-5.203 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yvOu8DizQWMr for <tls@core3.amsl.com>; Tue, 2 Mar 2010 07:20:57 -0800 (PST)
Received: from mhs04ykf.rim.net (mhs04ykf.rim.net [216.9.243.82]) by core3.amsl.com (Postfix) with ESMTP id 032DC3A8B48 for <tls@ietf.org>; Tue, 2 Mar 2010 07:20:56 -0800 (PST)
X-AuditID: 0a666446-b7b5aae000007704-4e-4b8d2cd8e752
Received: from XCH38YKF.rim.net ( [10.64.31.208]) by mhs04ykf.rim.net (RIM Mail) with SMTP id 85.4E.30468.8DC2D8B4; Tue, 2 Mar 2010 10:20:56 -0500 (EST)
Received: from XCH57YKF.rim.net ([10.64.31.54]) by XCH38YKF.rim.net with Microsoft SMTPSVC(6.0.3790.3959); Tue, 2 Mar 2010 10:20:55 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
content-transfer-encoding: quoted-printable
Date: Tue, 02 Mar 2010 10:20:55 -0500
Message-ID: <7E1DF37F1F42AB4E877E492C308E6AC404450145@XCH57YKF.rim.net>
In-Reply-To: <4B8D279E.4070304@vigilsec.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Testing consensus for adding curve25519 to the EC named curve registry
Thread-Index: Acq6GNbOnecHdzLAQIa0lW0QtTDMYgAAjFUA
References: <a84d7bc61003011620i66fc7dfdre62b548fdd5ef7dd@mail.gmail.com> <4B8D279E.4070304@vigilsec.com>
From: Rob P Williams <rwilliams@certicom.com>
To: Russ Housley <housley@vigilsec.com>, tls@ietf.org
X-OriginalArrivalTime: 02 Mar 2010 15:20:55.0451 (UTC) FILETIME=[F407B6B0:01CABA1B]
X-Brightmail-Tracker: AAAAAgAAAZETEUML
Subject: Re: [TLS] Testing consensus for adding curve25519 to the EC named curve registry
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2010 15:20:59 -0000
Hi, You don't need to involve IANA if you just follow RFC 4492... Section 5.1.1: Values 0xFF01 and 0xFF02 indicate that the client supports arbitrary prime and characteristic-2 curves, respectively (the curve parameters must be encoded explicitly in ECParameters). -----Original Message----- From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of Russ Housley Sent: Tuesday, March 02, 2010 9:59 AM To: tls@ietf.org Subject: Re: [TLS] Testing consensus for adding curve25519 to the EC named curve registry I do not object to an additional code point being registered as long as there is a document to explain how it works. However, I also want to understand the intellectual property issues, if any. People have been slow to adopt elliptic curve crypto due to intellectual property concerns, which has prompted at least one document (http://www.ietf.org/id/draft-mcgrew-fundamental-ecc-02.txt) on the topic. Russ On 3/1/2010 7:20 PM, Adam Langley wrote: > We would like to start testing EC DHE in order to give our users > forward-secrecy. > > In order to do this cheaply, one of the curves that we would like to > test with is curve25519[1]. There are several implementations of it > [2][3][4] and it's 3-4x faster than NIST's p256 (as implemented in > OpenSSL), while being constant-time. > > Curve25519 doesn't currently appear on IANA's list of named curves[5] > and we would like to see it included. > > As a first step I'd like to ask if there are any objections? > > > Cheers > > AGL > > > [1] http://cr.yp.to/ecdh/curve25519-20060209.pdf > [2] http://cr.yp.to/ecdh.html > [3] http://code.google.com/p/curve25519-donna/ > [4] http://bench.cr.yp.to/results-dh.html > [5] http://www.iana.org/assignments/tls-parameters/ _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls --------------------------------------------------------------------- This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
- [TLS] Testing consensus for adding curve25519 to … Adam Langley
- Re: [TLS] Testing consensus for adding curve25519… Russ Housley
- Re: [TLS] Testing consensus for adding curve25519… Rob P Williams
- Re: [TLS] Testing consensus for adding curve25519… Patrick Pelletier
- Re: [TLS] Testing consensus for adding curve25519… Douglas Stebila
- Re: [TLS] Testing consensus for adding curve25519… Douglas Stebila
- Re: [TLS] Testing consensus for adding curve25519… Nick Mathewson
- [TLS] Curve25519 in TLS Simon Josefsson
- Re: [TLS] Testing consensus for adding curve25519… Nico Williams
- Re: [TLS] Testing consensus for adding curve25519… Douglas Stebila
- Re: [TLS] Testing consensus for adding curve25519… Dan Brown
- Re: [TLS] Curve25519 in TLS Rob Stradling
- Re: [TLS] Testing consensus for adding curve25519… Nick Mathewson
- Re: [TLS] Testing consensus for adding curve25519… Dan Brown
- Re: [TLS] Curve25519 in TLS Simon Josefsson
- Re: [TLS] Testing consensus for adding curve25519… Douglas Stebila
- Re: [TLS] Curve25519 in TLS Kyle Hamilton
- Re: [TLS] Curve25519 in TLS Rob Stradling
- Re: [TLS] Curve25519 in TLS Yoav Nir
- Re: [TLS] Curve25519 in TLS Dan Brown
- Re: [TLS] Curve25519 in TLS Bodo Moeller
- [TLS] Koblitz curves [was RE: Curve25519 in TLS] Dan Brown
- Re: [TLS] Curve25519 in TLS Rob Stradling
- Re: [TLS] Curve25519 in TLS Simon Josefsson
- Re: [TLS] Curve25519 in TLS Rob Stradling
- Re: [TLS] Curve25519 in TLS Nico Williams
- Re: [TLS] Curve25519 in TLS Rob Stradling
- Re: [TLS] Curve25519 in TLS Paul Bakker
- Re: [TLS] Curve25519 in TLS Yoav Nir
- Re: [TLS] Curve25519 in TLS Rob Stradling
- [TLS] Curve25519 in TLS Simon Josefsson
- [TLS] Ed25519 for PKIX Simon Josefsson
- Re: [TLS] Ed25519 for PKIX Adam Langley
- Re: [TLS] Ed25519 for PKIX Simon Josefsson
- Re: [TLS] Curve25519 in TLS Manuel Pégourié-Gonnard
- Re: [TLS] Curve25519 in TLS Martin Rex
- Re: [TLS] Curve25519 in TLS Juho Vähä-Herttua
- Re: [TLS] Curve25519 in TLS Manuel Pégourié-Gonnard
- Re: [TLS] Curve25519 in TLS Watson Ladd
- Re: [TLS] Curve25519 in TLS Manuel Pégourié-Gonnard
- Re: [TLS] Curve25519 in TLS Simon Josefsson
- Re: [TLS] Curve25519 in TLS Martin Rex
- Re: [TLS] Curve25519 in TLS Nico Williams