Re: [Cfrg] ECC reboot (Was: When's the decision?)

"Hallof, Andreas" <> Fri, 17 October 2014 15:24 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id E1B531A1AC3 for <>; Fri, 17 Oct 2014 08:24:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.361
X-Spam-Status: No, score=-0.361 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_LOW=-0.7, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dJNCwPW0hoVS for <>; Fri, 17 Oct 2014 08:24:43 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4A7511A03A4 for <>; Fri, 17 Oct 2014 08:24:41 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 587641600CC; Fri, 17 Oct 2014 17:24:39 +0200 (CEST)
From: "Hallof, Andreas" <>
To: 'Alyssa Rowan' <>, "" <>
Thread-Topic: [Cfrg] ECC reboot (Was: When's the decision?)
Thread-Index: Ac/qGmraGx1tfIUvTDG7EGNVqiFc/Q==
Date: Fri, 17 Oct 2014 15:24:37 +0000
Message-ID: <>
Accept-Language: de-DE, en-US
Content-Language: de-DE
x-olx-disclaimer: Done
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TBoneOriginalFrom: "Hallof, Andreas" <>
X-TBoneOriginalTo: 'Alyssa Rowan' <>, "" <>
X-TBoneDomainSigned: false
Subject: Re: [Cfrg] ECC reboot (Was: When's the decision?)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 17 Oct 2014 15:24:46 -0000

Please add to these 50+ million smartcards, another 70 million german eHealth-Cards. 
Every statutory health insurance patient in Germany has a smartcards, that is capable of 
supporting a client-authenticated TLS-Session (RSA-based keys + dedicated TLS-Certificate).
In medium term we want to migrate to an ECC-based scheme.

> Besides, those smartcards are surely already provisioned and keyed so not relevant to any new curve?

If independent from each other three different Chipcard-Manufacturer tell me they prefer using 
curves with random primes then this tells me something.

 Andreas Hallof 

Andreas Hallof, Datenschutz und Datensicherheit / Kryptographie

-----Ursprüngliche Nachricht-----
Von: Cfrg [] Im Auftrag von Alyssa Rowan
Gesendet: Freitag, 17. Oktober 2014 11:40
Betreff: Re: [Cfrg] ECC reboot (Was: When's the decision?) [NICHT VERSCHLUESSELT, ] [SIGNATUR_UNPRUEFBAR, OpenPGP]

On 17 October 2014 10:21:43 BST, Johannes Merkle <> wrote:

>> from the hesitant adoption of Brainpool in the wider community,
>this assertion is only true for software implementations. Brainpool curves are used by more than 50 million smartcards rolled out and several vpn solutions (e.g., based on IPSec) widely used within German and EU public authorities.

Yes, that's exactly my point. Brainpool usage seems to be concentrated under a relatively small, interlocked group of governmental stakeholders in specialist applications - not really rolled out in the wider community like the NIST curves, let alone like RSA.

Besides, those smartcards are surely already provisioned and keyed so not relevant to any new curve?