Here are my thoughts:
· This group or any other IoT group should not come up with their own algorithm recommendations. Reason: we already have a group working on these recommendations - CFRG · There is no need to talk about new algorithms recommendations. Reason: the recommendations have already been made by the CFRG and the TLS 1.3 spec lists them. · The pace of switching to new crypto algorithm seems to be much slower in the IoT world (for the discussed reasons). I feel there is very little most of us can do to influence the pace. Reason: very few folks work on implementations of crypto algorithms for IoT devices. Ciao Hannes From: Eric Rescorla [mailto:e...@rtfm.com] Sent: 07 June 2018 22:21 To: Michael Richardson Cc: Hannes Tschofenig; ace@ietf.org Subject: Re: [Ace] How to specify DTLS MTI in COAP-EST TBH, I'm not a fan of SHOULD+, etc., and they're pretty alien to TLS, so you should just use words if you want to convey these points. With that said, I don't really understand the objective here: we're generally moving towards the CFRG curves, so what's the reasoning for the P256 MUST and why do you think that will change. -Ekr On Thu, Jun 7, 2018 at 10:41 AM, Michael Richardson <mcr+i...@sandelman.ca<mailto:mcr+i...@sandelman.ca>> wrote: Hannes Tschofenig <hannes.tschofe...@arm.com<mailto:hannes.tschofe...@arm.com>> wrote: > why don't you just reference https://tools.ietf.org/html/rfc7925? Ignorance :-) Thank you, I think that we will reference it then; Section 4.4 includes: At the time of writing, the recommended curve is secp256r1, and the use of uncompressed points follows the recommendation in CoAP. Note that standardization for Curve25519 (for ECDHE) is ongoing (see [RFC7748]), and support for this curve will likely be required in the future. which is what we want to say anyway. > I am not a big fan of making all sorts of different crypto > recommendations in our specs that differ slightly. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] m...@sandelman.ca<mailto:m...@sandelman.ca> http://www.sandelman.ca/ | ruby on rails [ _______________________________________________ Ace mailing list Ace@ietf.org<mailto:Ace@ietf.org> https://www.ietf.org/mailman/listinfo/ace IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace