Re: [Cfrg] MAY use specified curves

Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue, 09 September 2014 18:59 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/TqBwXo8z43hd7uUuCh2mCtcdCBs

On 09/09/2014 20:36, Stephen Farrell wrote:
> On 09/09/14 18:03, Dan Brown wrote:
>>
>> My understanding is that many IETF WGs have applied a MUST NOT to the
>> ANSI/SECG mechanisms of specifying an elliptic curve.  
> 
> I'm not clear what you mean here. Can you provide citations?
> 
I can't say for sure what Dan was referring to, but there is a MUST NOT in PKIX,
specifically RFC 5480 section 2.1.1:

     ECParameters ::= CHOICE {
       namedCurve         OBJECT IDENTIFIER
       -- implicitCurve   NULL
       -- specifiedCurve  SpecifiedECDomain
     }
       -- implicitCurve and specifiedCurve MUST NOT be used in PKIX.
       -- Details for SpecifiedECDomain can be found in [X9.62].
       -- Any future additions to this CHOICE should be coordinated
       -- with ANSI X9.

On the other hand, TLS allows specified curves, via the special NamedCurve
values arbitrary_explicit_prime_curves and arbitrary_explicit_char2_curves (RFC
4492 section 5.1.1). But according to Wikipedia [1], none of the usual TLS
libraries implement this option.

[1]
https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations#Supported_elliptic_curves

(Outside of PKIX and TLS, I have no idea.)

Manuel.