[Cfrg] Task looming over the CFRG

"Igoe, Kevin M." <kmigoe@nsa.gov> Mon, 05 May 2014 17:58 UTC

To: "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/v5osq4S81IRkqW-8vfd9qlferj4

As most of the folks who read this list have noticed, a virtual interim meeting of the CFRG
was held on Tues 29 April to discuss the way forward for elliptic curve cryptography
in the IETF.  This was driven by an earnest plea from the TLS WG for firm guidance from
the CFRG on the selection of elliptic curves for use in TLS.  They need an answer before
the Toronto IETF meeting in late July.  TLS needs curves for several levels of security (128,
192 and 256), suitable for use in both key agreement and in digital signatures.

*       The consensus of the attendees was that it would be best for TLS to have a single
      "mandatory to implement" curve for each of the three security levels.

*       Though the attendees were reluctant to make a formal commitment, there
      was clearly a great deal of support for the Montgomery curve curve25519 (FYI, the
      25519 refers to the fact that arithmetic is done modulo the prime 2**255 - 19 ).

*       curve25519 only fills one of the three required security levels.  We still need
      curves of size near 384 bits and 512 bits.

*       NIST curves: I doubt TLS will be willing to revisit the question of elliptic curves once the
      CFRG has made their recommendation.  Another option to consider is advising TLS to
      use the NIST curves in the short term, buying time for the CFRG to do an unrushed
      exploration of the alternatives, drawing academia and other standards bodies into the
      discussion.

P.S.  It has been suggested that the CFRG hold a session at the Crypto conference in
Santa Barbara in an effort to draw in more participation from the academic community.
No guarantees we can pull this off, but it is worth the attempt. Thoughts? Volunteers?

P.P.S. We need to start lining up speakers for the CFRG session at IETF-90 (Toronto).


----------------+--------------------------------------------------
Kevin M. Igoe   | "We can't solve problems by using the same kind
kmigoe@nsa.gov  | of thinking we used when we created them."
                |              - Albert Einstein -
----------------+--------------------------------------------------