IETF Logo Mail Archive

Re: [TLS] Testing consensus for adding curve25519 to the EC named curve registry

"Rob P Williams" <rwilliams@certicom.com> Tue, 02 March 2010 15:20 UTC

Return-Path: <rwilliams@certicom.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 304D628C0F0 for <tls@core3.amsl.com>; Tue, 2 Mar 2010 07:20:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.203
X-Spam-Level:
X-Spam-Status: No, score=-5.203 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yvOu8DizQWMr for <tls@core3.amsl.com>; Tue, 2 Mar 2010 07:20:57 -0800 (PST)
Received: from mhs04ykf.rim.net (mhs04ykf.rim.net [216.9.243.82]) by core3.amsl.com (Postfix) with ESMTP id 032DC3A8B48 for <tls@ietf.org>; Tue, 2 Mar 2010 07:20:56 -0800 (PST)
X-AuditID: 0a666446-b7b5aae000007704-4e-4b8d2cd8e752
Received: from XCH38YKF.rim.net ( [10.64.31.208]) by mhs04ykf.rim.net (RIM Mail) with SMTP id 85.4E.30468.8DC2D8B4; Tue, 2 Mar 2010 10:20:56 -0500 (EST)
Received: from XCH57YKF.rim.net ([10.64.31.54]) by XCH38YKF.rim.net with Microsoft SMTPSVC(6.0.3790.3959); Tue, 2 Mar 2010 10:20:55 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
content-transfer-encoding: quoted-printable
Date: Tue, 02 Mar 2010 10:20:55 -0500
Message-ID: <7E1DF37F1F42AB4E877E492C308E6AC404450145@XCH57YKF.rim.net>
In-Reply-To: <4B8D279E.4070304@vigilsec.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Testing consensus for adding curve25519 to the EC named curve registry
Thread-Index: Acq6GNbOnecHdzLAQIa0lW0QtTDMYgAAjFUA
References: <a84d7bc61003011620i66fc7dfdre62b548fdd5ef7dd@mail.gmail.com> <4B8D279E.4070304@vigilsec.com>
From: Rob P Williams <rwilliams@certicom.com>
To: Russ Housley <housley@vigilsec.com>, tls@ietf.org
X-OriginalArrivalTime: 02 Mar 2010 15:20:55.0451 (UTC) FILETIME=[F407B6B0:01CABA1B]
X-Brightmail-Tracker: AAAAAgAAAZETEUML
Subject: Re: [TLS] Testing consensus for adding curve25519 to the EC named curve registry
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2010 15:20:59 -0000

Hi,

You don't need to involve IANA if you just follow RFC 4492...

Section 5.1.1:

  Values
      0xFF01 and 0xFF02 indicate that the client supports arbitrary
      prime and characteristic-2 curves, respectively (the curve
      parameters must be encoded explicitly in ECParameters).



-----Original Message-----
From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of
Russ Housley
Sent: Tuesday, March 02, 2010 9:59 AM
To: tls@ietf.org
Subject: Re: [TLS] Testing consensus for adding curve25519 to the EC
named curve registry

I do not object to an additional code point being registered as long as
there is a document to explain how it works.  However, I also want to
understand the intellectual property issues, if any.  People have been
slow to adopt elliptic curve crypto due to intellectual property
concerns, which has prompted at least one document
(http://www.ietf.org/id/draft-mcgrew-fundamental-ecc-02.txt) on the
topic.

Russ

On 3/1/2010 7:20 PM, Adam Langley wrote:
> We would like to start testing EC DHE in order to give our users
> forward-secrecy.
> 
> In order to do this cheaply, one of the curves that we would like to
> test with is curve25519[1]. There are several implementations of it
> [2][3][4] and it's 3-4x faster than NIST's p256 (as implemented in
> OpenSSL), while being constant-time.
> 
> Curve25519 doesn't currently appear on IANA's list of named curves[5]
> and we would like to see it included.
> 
> As a first step I'd like to ask if there are any objections?
> 
> 
> Cheers
> 
> AGL
> 
> 
> [1] http://cr.yp.to/ecdh/curve25519-20060209.pdf
> [2] http://cr.yp.to/ecdh.html
> [3] http://code.google.com/p/curve25519-donna/
> [4] http://bench.cr.yp.to/results-dh.html
> [5] http://www.iana.org/assignments/tls-parameters/
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.

v2.23.0 | Report a Bug | By Email