[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ECC curve ID

To: Andrey Jivsov <openpgp@xxxxxxxxxxxx>
Subject: Re: ECC curve ID
From: Werner Koch <wk@xxxxxxxxx>
Date: Wed, 21 May 2008 18:27:09 +0200
Cc: ietf-openpgp@xxxxxxx
In-reply-to: <482D30C4.80402@xxxxxxxxxxxx> (Andrey Jivsov's message of "Thu, 15 May 2008 23:59:16 -0700")
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Openpgp: id=5B0358A2; url=finger:wk@xxxxxxxxxxx
Organisation: g10 Code GmbH
References: <87lk564ctl.fsf@xxxxxxxxxxxxxxxxxxxxx> <47C5F2BD.6030003@xxxxxxxxxxxx> <87r6d4eu4g.fsf@xxxxxxxxxxxxxxxxxxxxx> <4808ECD9.8050204@xxxxxxxxxxxx> <87hcddjca0.fsf@xxxxxxxxxxxxxxxxxxxxx> <482D30C4.80402@xxxxxxxxxxxx>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Gnus/5.110007 (No Gnus v0.7)

On Fri, 16 May 2008 08:59, openpgp@xxxxxxxxxxxx said:

> 2. Different curve is not the same as different RSA key size.

What I want to express withn that comparision is that we already have a
wide range of parameters in addtion to the algorithm ID.  The curve ID
is just another parameter, or well a short-name for the curve
parameters.

> performance reasons. Implementations will achieve better performance
> by tuning the code for each underlying field at compile time, or, in
> case of hardware, this may be done by the manufacturing time.

They may still do this. I can't see that as an argument pro or con a
fixed list of curves.

> Conversely, even when RSA is implemented in hardware, a parameter to
> RSA key size is almost certainly a variable in software. There is
> nothing to gain by separately implementing RSA 2048 and RSA 4096
> operations.

I disagree.  Even pure software implementations are often tuned for
certain key sizes (e.g. to use the Karatsuba algorithm only for certain
sizes).  With hardware you even need to decide whether the hardware of
software implementation is faster for a certain size.

> support any other curve. Compare this with RSA support. To put this

Or compare that with DSA support.  How that we have DSA-2 many
implemtations fail because they can't cope with >1k DSA keys. That is a
similar interoperability issue as with new curve IDs.

> base, while my RSA implementation is capable of handling any key size
> within a reasonable range.

And what about DSA implementations?


> ==================================================================
> A: Keep current text regarding the procedure to approve new curves
>    (for/against)
> ==================================================================
> B: Keep current method to encode curve IDs as numeric IDs
>    (for/against)
> ==================================================================
> C: Need extension mechanism specified in the draft to add other
>    curves
>    (for/against)
> ==================================================================
>
>
> Andrey:
> 	A: for
> 	B: for
> 	C: against

==============================================================
D: Use an OIDs instead of an algorithm ID and define the NIST curves as MUST.
   (for/against)
==================

Werner:
        A: for (as long as that does not forbit other curves)
        B: against
        C: for (as second best choice)
        D: for



Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

References:
- ECC curve ID
  - From: Werner Koch
- Re: ECC curve ID
  - From: Andrey Jivsov
- Re: ECC curve ID
  - From: Werner Koch
- Re: ECC curve ID
  - From: Andrey Jivsov
- Re: ECC curve ID
  - From: Werner Koch
- Re: ECC curve ID
  - From: Andrey Jivsov

Prev by Date: Re: I have a technical idea/change for the ECC draft
Previous by thread: Re: ECC curve ID
Next by thread: Thoughts and suggestions on V5 key format
Index(es):
- Date
- Thread