[prev in list] [next in list] [prev in thread] [next in thread]
List: cfrg
Subject: [Cfrg] scope [Was: ECC Encryption questions]
From: David McGrew <mcgrew () cisco ! com>
Date: 2010-06-25 20:18:24
Message-ID: B0F62440-7817-4FE9-A23E-C6B678035FED () cisco ! com
[Download RAW message or body]
Hi David,
I agree that "how does it work?" sorts of questions are out of scope
(though I hope we'll be forgiving of the occasional question of that
sort).
Questions like "can it do this?" could be in scope - we want to be a
bridge between theory and practice, and we want that to work in both
directions. If there are real-world applications for which existing
mechanisms are not suitable, it will be good to know.
I think the general topic of a minimal set of crypto primitives (e.g.
can we make do with a hash and not a block cipher, or with a block
cipher but not a hash) is a worthwhile topic. Ideally, we should
start with the basic requirements and work out from there.
David
On Jun 24, 2010, at 11:31 AM, David Wagner wrote:
> Dan Brown wrote:
>> How valuable is it to be "hash" free? Should standardizers, eg IETF,
>> be going out of their way to support such modes?
>
> I think you raise a good point.
>
> Personal opinion: In some settings (e.g., very low-end embedded
> devices),
> there might be some small value to hashless cryptographic modes.
> However I think it would be premature for the IETF to go out of its
> way
> to support such modes at this time. I think the IETF should not
> consider
> standardizing them until someone with both significant cryptographic
> knowledge and significant practical experience is able to report to
> the
> IETF about their experience, demonstrate convincingly that they have
> considered all alternatives, propose a concrete set of hashless modes,
> quantify the benefit of those hashless modes over the next-best
> standard
> set of modes, and generally make the case for some concrete step the
> IETF could take.
>
> Right now, I think the status quo is that if you have an embedded
> device
> with severe resource constraints, you should hire a knowledgeable
> cryptographer to design the best solution, given those constraints.
> I don't see a convincing argument that the IETF needs to step in to do
> anything to change the status quo. The status quo seems OK.
>
> By the way, I don't think it's a good use of this mailing list to use
> it as a general help desk for crypto questions. I understood that the
> purpose of this mailing list was to support standardization efforts,
> not to serve as a general forum for "can someone help me understand
> crypto?" questions. I would suggest that the CFRG chairs declare the
> threads about "how does ECC work? can ECC do this? is it possible
> to do
> public-key crypto without hashes?" closed and off-topic. Those
> questions
> belong somewhere else, in my personal opinion.
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic