Curdle Status PagesCURves, Deprecating and a Little more Encryption (Active WG)
Sec Area: Eric Rescorla, Kathleen Moriarty | 2015-Dec-18 —Chairs:
IETF-99 curdle minutes
Session 2017-07-17 0930-1200: Congress Hall III - Audio stream - curdle chatroom
CURDLE Document Status: CMS / Kerberos to IESG PKIX needs work SSH one in last call. RC4-die-die-die awaiting adoption Draft to consider is the SSH key exchange Diffie Hellman NIST P256 / When 25519 is deployed everywhere, can change. Keep as should not Should- until 25519 is deployed everywhere. EKR: Also puzzled by NIST curves. Fine to say NIST unloved. Deprecating not justified technically Deb Cooley NSA: Diffie hellman group choices in the drafts are inconsistent. Martin: Choices are the ones with normative language attached, the others merely exist. EKR: Reason for SHA512 over 256 is risk of Grovers algorithm collisions. Would be good if IETF said our theory on Quantum Crypto is X. Tero: The normative language listed on slides is only for SHOULD- and above, anything else is MAY PHB: Quantum Crypto is for IRTF EKR: We should have an agreement on 256 bits being good enough for indefinite future. Martin Thompson: 256 bits for now, may change in future. Tero: Dont go from Must to Must Not, better Must to Should Not. Problematic because it breaks backwards compatibility. Rich Salz: Is consensus P256 OK Deb: ecdh-sha2-nistp256 should not be Should- should be at least a SHOULD EKR: just swap plus and minus on ecdh-sha2-nistp256 ecdh-sha2-nistp384 Deb: Just get rid of plus and minus. Charter discussion Table of work. Are we done? Kerberos missing Ed25519 Deb: Shouldnt that be done in kitten Anon: Kitten should be run over. Chair said please do in Curdle. Martin Thompson: Jose fine, some interest in Web Crypto X25519 and X448. No reason we cant do it. Interfaces with W3C Web crypto. [Search for a volunteer] Yoav: SSH Chacha Poly already exists in code. PHB: May have JOSE code.