<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Reading the linked spec, it seems section 5.1.4: Domainparameter und Schlüssellängen is the part relevant to algorithms for certificates.<div class=""><br class=""></div><div class="">It says that ECDSA, DSA, and RSASSA-PSS are acceptable signature algorithms and the acceptable curves for use with ECDSA are:</div><div class=""><br class=""></div><div class="">- BrainpoolP224r1, BrainpoolP256r1, BrainpoolP384r1, BrainpoolP512r1 (vgl. [26]); </div><div class=""><br class=""></div><div class="">- NIST Curve P-224, NIST Curve P-256, NIST Curve P-384, NIST Curve P-521.</div><div class=""><br class=""></div><div class="">It says that the Brainpool curves are _recommended_ but does not make them required.</div><div class=""><br class=""></div><div class="">There is overlap between BSI TR-03116, the BRs, and what browsers support, so it does not appear any changes to the BRs are required to allow compliance with BSI TR-03116.</div><div class=""><br class=""></div><div class="">Thanks,</div><div class="">Peer<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Jul 3, 2018, at 12:50 PM, Ryan Sleevi via Public <<a href="mailto:public@cabforum.org" class="">public@cabforum.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div dir="ltr" class="">Didn't we cover this rather comprehensively at the Raleigh F2F, in terms of discussing what it takes for new algorithms to be added, the implications and tradeoffs (to the ecosystem and to relying parties)? Similar with hash algorithms, and the discussion of national ciphersuites. 
Finally, we've heard from relying parties about how such support can be actively harmful towards interoperability and security.<div class=""><br class=""></div><div class="">I don't think this introduces anything new that had not been considered at great length in that and the follow-up meetings, and I don't think there was any clear outcome supportive of introducing such new algorithms.</div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Tue, Jul 3, 2018 at 3:40 PM Tim Hollebeek via Public <<a href="mailto:public@cabforum.org" class="">public@cabforum.org</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72" class=""><div class="m_5367374801432904598WordSection1"><p class="MsoNormal">My German is rusty, but is it actually saying it is the highest priority curve?<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">-Tim<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt" class=""><div class=""><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in" class=""><p class="MsoNormal"><b class="">From:</b> Public [mailto:<a href="mailto:public-bounces@cabforum.org" target="_blank" class="">public-bounces@cabforum.org</a>] <b class="">On Behalf Of </b>Stephen Davidson via Public<br class=""><b class="">Sent:</b> Tuesday, July 3, 2018 1:52 PM<br class=""><b class="">To:</b> CABforum1 <<a href="mailto:public@cabforum.org" target="_blank" class="">public@cabforum.org</a>><br class=""><b class="">Subject:</b> [cabfpub] BR: brainpoolp256r1 curve<u class=""></u><u class=""></u></p></div></div><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">Hello:<u class=""></u><u class=""></u></p><p 
class="MsoNormal">I am posting the following on behalf of Rufus Buschart of Siemens, for discussion.<u class=""></u><u class=""></u></p><p class="MsoNormal">Kind regards, Stephen<u class=""></u><u class=""></u></p><p class="MsoNormal">QuoVadis<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">-<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal" style="margin-left:.5in">The "Bundesamt für Sicherheit in der Informationstechnik" (German Federal Office for Information Security) published a technical guidance <a name="m_5367374801432904598__Hlk518392819" class="">TR-03116-3</a> which defines fundamental cryptographic requirements for governmental projects. In chapter 2.1.3 it defines three elliptic curves that have to be supported as a minimum for SSL/TLS. One of the three curves is the brainpoolp256r1 curve. This curve is not currently allowed according to the BRGs chapter 6.1.5.<u class=""></u><u class=""></u></p><p class="MsoNormal" style="margin-left:.5in">I would like to propose, that this curve becomes allowed by the BRGs as well.<u class=""></u><u class=""></u></p><p class="MsoNormal" style="margin-left:.5in"><b class="">TR-03116-3:</b> <a href="https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/BSI-TR-03116-4.pdf?__blob=publicationFile&v=4" target="_blank" class="">https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/BSI-TR-03116-4.pdf?__blob=publicationFile&v=4</a> <u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p></div></div></div>_______________________________________________<br class="">
Public mailing list<br class="">
<a href="mailto:Public@cabforum.org" target="_blank" class="">Public@cabforum.org</a><br class="">
<a href="https://cabforum.org/mailman/listinfo/public" rel="noreferrer" target="_blank" class="">https://cabforum.org/mailman/listinfo/public</a><br class="">
</blockquote></div>
</div></blockquote></div><br class=""></div></body></html>