IETF Logo Mail Archive

[TLS] Fwd: Updated elliptic curve drafts

Simon Josefsson <simon@josefsson.org> Mon, 12 October 2015 20:48 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 757D91B364B for <tls@ietfa.amsl.com>; Mon, 12 Oct 2015 13:48:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M3PgxjHS6ZEG for <tls@ietfa.amsl.com>; Mon, 12 Oct 2015 13:48:13 -0700 (PDT)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 300091B3648 for <tls@ietf.org>; Mon, 12 Oct 2015 13:48:13 -0700 (PDT)
Received: from latte.josefsson.org ([155.4.17.3]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id t9CKlx9s003269 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for <tls@ietf.org>; Mon, 12 Oct 2015 22:48:01 +0200
X-Hashcash: 1:22:151012:tls@ietf.org::jTXpASJIPuQRYpI1:2N8
From: Simon Josefsson <simon@josefsson.org>
To: tls@ietf.org
OpenPGP: id=54265E8C; url=http://josefsson.org/54265e8c.txt
Date: Mon, 12 Oct 2015 22:47:58 +0200
Message-ID: <87oag395kx.fsf@latte.josefsson.org>
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/24.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.7 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/BljvNhd--j9TjfJ1I7Hs8EiH9gQ>
Subject: [TLS] Fwd: Updated elliptic curve drafts
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Oct 2015 20:48:14 -0000

FYI -- posted to pkix@ietf.org.  Intended to work together with
draft-josefsson-tls-eddsa or draft-josefsson-tls-eddsa2.

/Simon

From: Simon Josefsson <simon@josefsson.org>
Subject: Updated elliptic curve drafts
To: pkix@ietf.org
Date: Mon, 12 Oct 2015 22:25:31 +0200

Hi,

I've updated my drafts on Curve25519/Curve448 support in PKIX to refer
to the CFRG-Curves and CFRG-EdDSA drafts.

The following document adds new EdDSA key/signature OIDs directly:

https://tools.ietf.org/html/draft-josefsson-pkix-eddsa-04

The following document adds new namedCurve OIDs, thus going indirectly
through the existing ECDSA 3279 route:

https://tools.ietf.org/html/draft-josefsson-pkix-newcurves-01

These two drafts take different approaches to including the new curves
into PKIX, and currently both lack applicability statements.  There is
potential for overlap and conflict right now.  It recently came up that
for PKCS#11 a namedCurve approach would be useful, but for normal PKIX
Certificates, it may be that the first direct approach is preferrable.
The former lack the possibility of encoding keys for DH.  I believe each
approach can be useful on its own, but we need to include text adressing
use-cases that can be resolved by both documents to avoid conflicts.

/Simon

v2.23.0 | Report a Bug | By Email