Subject: bug#57576: bug#57599: [PATCH] openpgp: Add support for ECDSA with NIST curves.
From: Andreas Enge
To: Maxime Devos
Cc: 57576@debbugs.gnu.org, Ludovic Courtès, 57599@debbugs.gnu.org, Zhu Zihao
Date: Wed, 7 Sep 2022 14:02:37 +0200
References: <87r10p3ixi.fsf@gnu.org> <20220905160929.21742-1-ludo@gnu.org> <8735d4zpcf.fsf_-_@gnu.org> <4b1f50af-9694-1439-2223-e9ef5ba7ecec@telenet.be> <87sfl4tgnk.fsf@gnu.org> <86368af7-152b-f943-4ee6-e1471d3cb20c@telenet.be>
In-Reply-To: <86368af7-152b-f943-4ee6-e1471d3cb20c@telenet.be>
List-Id: Bug reports for GNU Guix

On Wed, Sep 07, 2022 at 01:13:25PM +0200, Maxime Devos wrote:
> Also, we _do_ have concrete evidence that the curves are flawed -- the website
> on the link mentions many issues in the process

The website (you mean the blog by D. Bernstein?) also mentions the use of a
hash function to arrive at the parameters. Maybe I overlooked something, but
I did not find other mentions of the curves (but I did not read the page from
A to Z).

> past that the NSA is in the habit of subverting communications.

But this is not concrete evidence that these curves are flawed. As far as is
publicly known, there are a few weak (and sparse) classes of insecure elliptic
curves, and the NIST curves do not belong to them. So the only way these
curves could be flawed is that there is an unknown class of insecure curves,
where the insecurity is known by the NSA. Then if this class is sufficiently
dense, one could start with a random seed, hash the seed, and repeat until one
obtains a weak instance; see this link by a well-known cryptologist
https://miracl.com/blog/backdoors-in-nist-elliptic-curves/
and the link given there (to another post by Bernstein). This is possible, but
speculation instead of evidence.

Newer constructions are better, but not perfect; optimally one would want a
process of "generation of public random numbers" as described here:
https://eprint.iacr.org/2015/366

> Channels are for sharing things between multiple people.  The keys are for
> authenticating channels.  As multiple people are involved for a channel, this
> seems to be a non-personal decision by definition.

I said "political", which fits well the setting of multiple people involved.
And I meant this in opposition to "scientific", given the lack of evidence
against the NIST curves.

Andreas
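The "hash the seed, and repeat" argument above can be made concrete. The following is an added example, not code from the bug-guix thread, from the ECDSA patch under discussion, or from Guix: it implements the ANSI X9.62 "verifiably random" derivation used for the NIST prime-field curves (SHA-1 of a 160-bit seed, then of seed+1, concatenated, leading bit cleared, giving an integer c with b^2 * c = a^3 mod p), checks the published P-256 seed and b against it, and then shows that nothing in that procedure prevents rerunning it over seeds until the derived c satisfies some chosen predicate. The function names (seed_to_c, verify_curve, search_seed) are this example's own, and the predicate used in search_seed is a toy stand-in for the hypothetical secret weak class, not a known weakness of any curve.

```python
"""Added example (not part of the bug-guix thread or of Guix): X9.62 seed-to-curve
derivation for NIST prime curves, and rejection sampling over seeds."""
import hashlib

# P-256 parameters and seed as published in FIPS 186-4.
P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1
P256_A = -3
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P256_SEED = 0xC49D360886E704936A6678E1139D26B7819F7E90

SEED_BITS = 160  # g: the NIST prime-curve seeds are 160-bit strings
HASH_BITS = 160  # SHA-1 output length, as required by X9.62


def seed_to_c(seed: int, p: int) -> int:
    """Derive the integer c (called r in X9.62) from SEED over GF(p).

    t = bit length of p, s = floor((t-1)/160), v = t - 160*s.
    W0 = the v rightmost bits of SHA-1(SEED) with its leftmost bit cleared,
    Wi = SHA-1((SEED + i) mod 2^160) for i = 1..s, c = int(W0 || W1 || ... || Ws).
    """
    t = p.bit_length()
    s = (t - 1) // HASH_BITS
    v = t - HASH_BITS * s
    seed_len = SEED_BITS // 8

    def sha1_int(x: int) -> int:
        digest = hashlib.sha1(x.to_bytes(seed_len, "big")).digest()
        return int.from_bytes(digest, "big")

    w0 = sha1_int(seed) & ((1 << v) - 1)   # v rightmost bits of SHA-1(SEED)
    w0 &= (1 << (v - 1)) - 1               # clear the leftmost bit of W0
    c = w0
    for i in range(1, s + 1):
        c = (c << HASH_BITS) | sha1_int((seed + i) % (1 << SEED_BITS))
    return c


def _nondegenerate(c: int, p: int) -> bool:
    """X9.62 rejects c == 0 and 4c + 27 == 0 (mod p)."""
    return c % p != 0 and (4 * c + 27) % p != 0


def verify_curve(seed: int, p: int, a: int, b: int) -> bool:
    """True iff (a, b) is a curve X9.62 derives from SEED: b^2 * c == a^3 (mod p)."""
    c = seed_to_c(seed, p)
    if not _nondegenerate(c, p):
        return False
    return (b * b * c - a * a * a) % p == 0


def search_seed(p: int, wanted, start_seed: int, max_tries: int = 100000):
    """Rejection sampling over seeds: step the seed until seed_to_c(seed)
    satisfies `wanted`.  `wanted` is a stand-in for a (hypothetical) secret
    weakness predicate; the hash chain gives no protection against this search
    as long as the class it describes is dense enough to be hit in feasible time.
    Returns (seed, tries) or (None, max_tries)."""
    seed = start_seed
    for tries in range(1, max_tries + 1):
        c = seed_to_c(seed, p)
        if _nondegenerate(c, p) and wanted(c):
            return seed, tries
        seed = (seed + 1) % (1 << SEED_BITS)
    return None, max_tries


if __name__ == "__main__":
    print("P-256 matches its seed:", verify_curve(P256_SEED, P256_P, P256_A, P256_B))
    print("P-256 against seed+1:  ", verify_curve(P256_SEED + 1, P256_P, P256_A, P256_B))
    # Toy stand-in for an unknown weak class with density 1/1024: c divisible by 2^10.
    seed, tries = search_seed(P256_P, lambda c: c % 1024 == 0, start_seed=0x1234)
    print(f"seed {seed:040x} hits the toy predicate after {tries} tries")
```

The verification step is what "verifiably random" buys: anyone can recompute c from the published seed and confirm b^2 * c = -27 mod p. The search step is the limit of that guarantee, and the reason the eprint 2015/366 style of public randomness generation is the better answer: the seed is an input under the generator's control, so the hash only rules out a target curve being chosen directly, not one being selected from a class that is dense enough to reach by trial.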