Re: [TLS] Using ECC Brainpool curves with TLS
Douglas Stebila <douglas@stebila.ca> Fri, 06 July 2012 11:31 UTC
Return-Path: <douglas@stebila.ca>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B914821F878B for <tls@ietfa.amsl.com>; Fri, 6 Jul 2012 04:31:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cnZ4SuuMjOdA for <tls@ietfa.amsl.com>; Fri, 6 Jul 2012 04:31:28 -0700 (PDT)
Received: from smtp113.iad.emailsrvr.com (smtp113.iad.emailsrvr.com [207.97.245.113]) by ietfa.amsl.com (Postfix) with ESMTP id 128F221F8787 for <tls@ietf.org>; Fri, 6 Jul 2012 04:31:28 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp41.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id CB04A290156; Fri, 6 Jul 2012 07:31:43 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp41.relay.iad1a.emailsrvr.com (Authenticated sender: douglas-AT-stebila.ca) with ESMTPSA id B308929041E; Fri, 6 Jul 2012 07:31:42 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="us-ascii"
From: Douglas Stebila <douglas@stebila.ca>
In-Reply-To: <4FF6A52F.1030308@secunet.com>
Date: Fri, 06 Jul 2012 21:31:37 +1000
Content-Transfer-Encoding: quoted-printable
Message-Id: <F5AF1F4A-7BF1-4A67-9D94-42A819E0E3BA@stebila.ca>
References: <4FF6A52F.1030308@secunet.com>
To: Johannes Merkle <johannes.merkle@secunet.com>
X-Mailer: Apple Mail (2.1278)
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Using ECC Brainpool curves with TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2012 11:31:28 -0000
On 2012-Jul-6, at 6:43 PM, Johannes Merkle wrote: > [Question 4] In RFC 5639, for each of the bit lengths 160, 192, 224, 256, 320, 384, 512 two curves are defined, one > being the "quadratic twist" of the other having the same algebraic structure (and hence, security level), but one of > them allows particular efficient arithmetic. In order to leave the choice of the curve for a given bit length to the > implementation we propose to register IANA values (for EC Named Curve) for both curves for each bit length. Of course, > this doubles the number of number assignments. Does anyone consider this a problem? One alternative would be to use an extension, similar to the Supported Points Format Extension, to indicate whether to use the twisted form or the original form. Or in fact define the twisted form as just another ECPointFormat. But you could also ask the question: if the quadratic twist is more efficient, will anyone ever use the untwisted version? If not, then perhaps you could just standardize the twisted version alone, reducing the number of combinations to be tested and supported. Douglas
- [TLS] Using ECC Brainpool curves with TLS Johannes Merkle
- Re: [TLS] Using ECC Brainpool curves with TLS Douglas Stebila
- Re: [TLS] Using ECC Brainpool curves with TLS Johannes Merkle
- Re: [TLS] Using ECC Brainpool curves with TLS Michael Staubermann
- Re: [TLS] Using ECC Brainpool curves with TLS Johannes Merkle