<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";
        color:black;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";
        color:black;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";
        color:black;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;}
span.EmailStyle20
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle21
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:1000430241;
        mso-list-type:hybrid;
        mso-list-template-ids:-1730745712 -212323360 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
        {mso-level-start-at:0;
        mso-level-number-format:bullet;
        mso-level-text:-;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Calibri","sans-serif";
        mso-fareast-font-family:Calibri;}
@list l0:level2
        {mso-level-tab-stop:1.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level3
        {mso-level-tab-stop:1.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level4
        {mso-level-tab-stop:2.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level5
        {mso-level-tab-stop:2.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level6
        {mso-level-tab-stop:3.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level7
        {mso-level-tab-stop:3.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level8
        {mso-level-tab-stop:4.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level9
        {mso-level-tab-stop:4.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Erwann,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>We did this primarily because other companies hold IP around other types of curves like binary field curves. We did our analysis on the NIST curves and felt comfortable proceeding with those. If we see demand for other types of curves, we’ll investigate the IP space and proceed accordingly.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>-Rick<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>Erwann Abalea<br><b>Sent:</b> Monday, March 11, 2013 3:56 AM<br><b>To:</b> CABFPub<br><b>Subject:</b> Re: [cabfpub] Proposal to add DSA 2048<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Why was the list of ECDSA curves limited to the NIST ones, instead of specifying a list of characteristics (field size, curve type, ...)?<br>This prevents the use of other standardized curves such as Brainpool ones (RFC5639), and more local ones such as French ANSSI ones.<br><br><br><o:p></o:p></p><pre>-- <o:p></o:p></pre><pre>Erwann ABALEA<o:p></o:p></pre><pre><o:p> </o:p></pre><p class=MsoNormal>Le 08/03/2013 22:38, Rick Andrews a écrit :<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>To address everyone’s questions:</span><o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='font-family:"Calibri","sans-serif"'><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>          </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>FIPS 186 originally allowed for DSA 1024 bits max, but in the 186-3 revision 2048 and SHA-2 were added.</span><o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='font-family:"Calibri","sans-serif"'><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>          </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>ECDSA is allowed in the BRs; Appendix A allows P-256, P-384, or P-521 curves</span><o:p></o:p></p><p class=MsoListParagraph style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='font-family:"Calibri","sans-serif"'><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>          </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Does it present any issues that are different from RSA algorithm certs? AFAIK, just what Erwann listed below (it can be used for signature only, not encryption/decryption). I haven’t heard of any particular vulnerabilities. In fact, the “Ron was wrong, Whit is right” paper (<a href="http://eprint.iacr.org/2012/064.pdf">http://eprint.iacr.org/2012/064.pdf</a>) suggests that there are advantages to cryptosystems like DSA that require only a single secret during key setup.</span><o:p></o:p></p><p class=MsoListParagraph style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='font-family:"Calibri","sans-serif"'><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>          </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Same authentication processes and security considerations? I don’t see why not.</span><o:p></o:p></p><p class=MsoListParagraph style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='font-family:"Calibri","sans-serif"'><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>          </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Can only government agencies obtain these certs, or can any user? Anyone can. We expect more interest from government customers given its inclusion in FIPS 186-3, but there are no restrictions</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>-Rick<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p></blockquote><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>