IETF Logo Mail Archive

Re: [TLS] Why are the brainpool curves not allowed in TLS 1.3?

"Bruckert, Leonie" <Leonie.Bruckert@secunet.com> Wed, 18 July 2018 16:54 UTC

Return-Path: <Leonie.Bruckert@secunet.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED9141311EE for <tls@ietfa.amsl.com>; Wed, 18 Jul 2018 09:54:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wZ5c3MdeB3Vw for <tls@ietfa.amsl.com>; Wed, 18 Jul 2018 09:54:55 -0700 (PDT)
Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D35012DD85 for <tls@ietf.org>; Wed, 18 Jul 2018 09:54:55 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 882A8201CD for <tls@ietf.org>; Wed, 18 Jul 2018 20:54:38 +0200 (CEST)
X-Virus-Scanned: by secunet
Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZENCNaQfbVHj for <tls@ietf.org>; Wed, 18 Jul 2018 20:54:38 +0200 (CEST)
Received: from mail-essen-02.secunet.de (mail-essen-02.secunet.de [10.53.40.205]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 01108201CA for <tls@ietf.org>; Wed, 18 Jul 2018 20:54:38 +0200 (CEST)
Received: from MAIL-ESSEN-01.secunet.de ([fe80::1c79:38b7:821e:46b4]) by mail-essen-02.secunet.de ([fe80::4431:e661:14d0:41ce%16]) with mapi id 14.03.0399.000; Wed, 18 Jul 2018 18:54:53 +0200
From: "Bruckert, Leonie" <Leonie.Bruckert@secunet.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Why are the brainpool curves not allowed in TLS 1.3?
Thread-Index: AdQdyutxd5brAeCrTvCBnUE+fi65pP//9F8AgAAROgCAAAEvAIABKxEAgAAnlQD//4HO0A==
Date: Wed, 18 Jul 2018 16:54:52 +0000
Message-ID: <DE8E4C1F24911E469CC24DD4819274AA27734B81@mail-essen-01.secunet.de>
References: <DE8E4C1F24911E469CC24DD4819274AA2770426C@mail-essen-01.secunet.de> <CABcZeBNjsU+FLdF7nnfhaqLWDNU5HHcX-W_261wmAfWqmMqm+w@mail.gmail.com> <1531903926363.56642@cs.auckland.ac.nz> <2386527.GkuWJfRkxc@pintsize.usersys.redhat.com>
In-Reply-To: <2386527.GkuWJfRkxc@pintsize.usersys.redhat.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-g-data-mailsecurity-for-exchange-state: 0
x-g-data-mailsecurity-for-exchange-error: 0
x-g-data-mailsecurity-for-exchange-sender: 23
x-g-data-mailsecurity-for-exchange-server: cbe3d3f7-b9e3-4256-b890-f24c4306a01c
x-exclaimer-md-config: 2c86f778-e09b-4440-8b15-867914633a10
x-g-data-mailsecurity-for-exchange-guid: 3E61EF0E-85F7-4B65-9506-39C206416EC3
Content-Type: multipart/alternative; boundary="_000_DE8E4C1F24911E469CC24DD4819274AA27734B81mailessen01secu_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Yp3vsxSfr0oGIMmJUCqkEYiXjDs>
Subject: Re: [TLS] Why are the brainpool curves not allowed in TLS 1.3?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2018 16:54:59 -0000

As I understand from the text, the Brainpool curves itself are not prohibited, but the code points assigned to them. So, if people still want to use the Brainpool curves in conformance with the standard, I would conclude that they can request new code points. This would result in an IANA registry with duplicated entries for brainpool curves: the old, now prohibited code points and the new assigned ones. Is this correct?



Leonie

v2.23.0 | Report a Bug | By Email