Of potential interest to this group:
Steven Galbraith's perspective on papers, such as IACR ePrint 2015-310:
https://ellipticnews.wordpress.com/2015/04/13/elliptic-curve-discrete-logarithm-problem-in-characteristic-two/
Best regards, Rene
On 7/16/2015 9:08 AM, Blumenthal, Uri - 0553 - MITLL wrote:
I think you convinced me. And to think of it, I never did like binary
curves. :-)
No binary curves for the future. :-)
Tnx!
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
*From: *Tony Arcieri
*Sent: *Wednesday, July 15, 2015 22:32
*To: *Rene Struik
*Cc: *<tls@ietf.org>
*Subject: *Re: [TLS] (selection criteria for crypto primitives) Re:
sect571r1
To respond more specifically to your concerns:
On Wed, Jul 15, 2015 at 6:42 PM, Rene Struik <rstruik....@gmail.com
<mailto:rstruik....@gmail.com>> wrote:
It seems prudent to keep some diversity of the gene pool and not
only have curves defined over prime curves. Similarly, one should
perhaps have some diversity of gene pool criteria within the set
of recommend curves and not only include special primes. Should
some problem with a particular subclass show up over time, one
then at least has other classes available.
Binary curves in particular are showing warning signs of potential
future security issues:
https://eprint.iacr.org/2015/310.pdf
I think even if we don't completely pare down the TLS curve portfolio
to the list I suggested, if nothing else I would like to see binary
curves removed.
--
Tony Arcieri
--
email: rstruik....@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
