Hi,

Thank you very much for your information on Camellia, SEED, and ECDSA.

There are some security issues
for implementers - I'm no ECC security expert so I can only refer to
this excellent article by Prof.
Bernstein: http://blog.cr.yp.to/20140323-ecdsa.html

I do not know a lot about cache-timing attacks, but I think that the setting of the paper by Naomi Benger et al. is different from the TLS-BCP draft. (the paper: secp256k1, TLS-BCP: brainpoolp256r1, secp256r1)

What do you think about it?

Best,
Kohei KASMATSU


(2014/07/30 22:34), Aaron Zauner wrote:
Hi *,

Ralph Holz wrote:

Is it implemented in IE? Is it supported by Chrome? If the answer to one
of these questions is No, it should not be included in the BCP. Same
goes for Seed. I have no data here - anyone?

Both are not implemented by Microsoft SChannel to the best of my
knowledge (http://technet.microsoft.com/en-us/library/dn786419.aspx) -
i.e. Internet Explorer does not support them. CAMELLIA is no longer
included to be supported by Firefox (it is supported by NSS though).

signature:
* ECDSA
   - is based on ECDLP (the security of RSA is based on
     integer factoring.)
   - is implemented in OpenSSL 1.0.2, GnuTLS 3.3.5, NSS 3.15.1 and so on.

Same questions.


ECDSA is widely implemented as of today. There are some security issues
for implementers - I'm no ECC security expert so I can only refer to
this excellent article by Prof.
Bernstein: http://blog.cr.yp.to/20140323-ecdsa.html


Aaron




On Wed, Jul 30, 2014 at 12:35 PM, Ralph Holz <[email protected]> wrote:

Hi,

I am referring to symmetric key encryption, signature, mode of
operations for constructing AEAD, and MAC.
(as you pointed out, we already have alternatives for public key
encryption)

Do you agree with the necessity of alternative algorithms?

I appreciate your concerns here, but I can only agree with it to some
degree, and inclusion in this version of the BCP is probably not a good
idea. Maybe adding a subsection on alternative algorithms in case of a
crypto break-through (e.g. on AES) is an option, but even here I am
skeptical.

Adding equivalent alternatives in the BCP without that understanding
would be against the intention of the BCP, IMO.

As for the algorithms, I have some doubts:

[Rationale]
symmetric key encryption:
* Camellia
   - has a different design policy (Feistel Structure) from AES
     (SPN Structure)
   - is implemented in OpenSSL 1.0.2, GnuTLS 3.3.5, NSS 3.15.1 and so on.

Is it implemented in IE? Is it supported by Chrome? If the answer to one
of these questions is No, it should not be included in the BCP. Same
goes for Seed. I have no data here - anyone?

signature:
* ECDSA
   - is based on ECDLP (the security of RSA is based on
     integer factoring.)
   - is implemented in OpenSSL 1.0.2, GnuTLS 3.3.5, NSS 3.15.1 and so on.

Same questions.

mode of operations: -

[CCM]

I see no reason to include this here - support seems to be lacking.

MAC: -
* There is only HMAC as an alternative algorithm, and
   there is HMAC-SHA-3 as a candidate alternative hash function.

Same reason here.

Ralph

--
Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
Phone +49.89.289.18043
PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
