Minutes IETF99: curdle
CURves, Deprecating and a Little more Encryption
||Minutes IETF99: curdle
CMS / Kerberos to IESG
PKIX needs work
SSH one in last call.
RC4-die-die-die awaiting adoption
Draft to consider is the SSH key exchange
Diffie Hellman NIST P256 / When 25519 is deployed everywhere, can change.
Keep as should not Should- until 25519 is deployed everywhere.
EKR: Also puzzled by NIST curves. Fine to say NIST unloved.
Deprecating not justified technically
Deb Cooley NSA: Diffie hellman group choices in the drafts are inconsistent.
Martin: Choices are the ones with normative language attached,
the others merely exist.
EKR: Reason for SHA512 over 256 is risk of Grovers algorithm collisions.
Would be good if IETF said our theory on Quantum Crypto is X.
Tero: The normative language listed on slides is only for SHOULD-
and above, anything else is MAY
PHB: Quantum Crypto is for IRTF
EKR: We should have an agreement on 256 bits being good enough for
Martin Thompson: 256 bits for now, may change in future.
Tero: Dont go from Must to Must Not, better Must to Should Not.
Problematic because it breaks backwards compatibility.
Rich Salz: Is consensus P256 OK
Deb: ecdh-sha2-nistp256 should not be Should- should be at least a SHOULD
EKR: just swap plus and minus on ecdh-sha2-nistp256 ecdh-sha2-nistp384
Deb: Just get rid of plus and minus.
Table of work.
Are we done?
Kerberos missing Ed25519
Deb: Shouldnt that be done in kitten
Anon: Kitten should be run over. Chair said please do in Curdle.
Martin Thompson: Jose fine, some interest in Web Crypto X25519 and X448.
No reason we cant do it. Interfaces with W3C Web crypto.
[Search for a volunteer]
Yoav: SSH Chacha Poly already exists in code.
PHB: May have JOSE code.