[cabfpub] BR: brainpoolp256r1 curve

Peter Bowen pzb at amzn.com
Tue Jul 3 20:53:03 UTC 2018 

Reading the linked spec, it seems section 5.1.4: Domainparameter und Schlüssellängen is the part relevant to algorithms for certificates.

It says that ECDSA, DSA, and RSASSA-PSS are acceptable signature algorithms and the acceptable curves for use with ECDSA are:

- BrainpoolP224r14 , BrainpoolP256r1, BrainpoolP384r1, BrainpoolP512r1 (vgl. [26]); 

- NIST Curve P-224, NIST Curve P-256, NIST Curve P-384, NIST Curve P-521.

It says that the Brainpool curves are _recommended_ but does not make them required.

There is overlap between BSI TR-03116, the BRs, and what browsers support, so it does not appear any changes to the BRs are required to allow compliance with BSI TR-03116.

Thanks,
Peer

> On Jul 3, 2018, at 12:50 PM, Ryan Sleevi via Public <public at cabforum.org> wrote:
> 
> Didn't we cover this rather comprehensively at the Raleigh F2F, in terms of discussing what it takes for new algorithms to be added, the implications and tradeoffs (to the ecosystem and to relying parties)? Similar with hash algorithms, and the discussion of national ciphersuites. Finally, we've heard from relying parties about how such support can be actively harmful towards interoperability and security.
> 
> I don't think this introduces anything new that had not been considered at great length in that and the follow-up meetings, and I don't think there was any clear outcome supportive of introducing such new algorithms.
> 
> On Tue, Jul 3, 2018 at 3:40 PM Tim Hollebeek via Public <public at cabforum.org <mailto:public at cabforum.org>> wrote:
> My German is rusty, but is it actually saying it is the highest priority curve?
> 
>  
> 
> -Tim
> 
>  
> 
> From: Public [mailto:public-bounces at cabforum.org <mailto:public-bounces at cabforum.org>] On Behalf Of Stephen Davidson via Public
> Sent: Tuesday, July 3, 2018 1:52 PM
> To: CABforum1 <public at cabforum.org <mailto:public at cabforum.org>>
> Subject: [cabfpub] BR: brainpoolp256r1 curve
> 
>  
> 
> Hello:
> 
> I am posting the following on behalf of Rufus Buschart of Siemens, for discussion.
> 
> Kind regards, Stephen
> 
> QuoVadis
> 
>  
> 
> -
> 
>  
> 
> The "Bundesamt für Sicherheit in der Informationstechnik" (German Federal Office for Information Security) published a technical guidance TR-03116-3 <> which defines fundamental cryptographic requirements for governmental projects. In chapter 2.1.3 it defines three elliptic curves that have to be supported as a minimum for SSL/TLS. One of the three curves is the brainpoolp256r1 curve. This curve is not currently allowed according to the BRGs chapter 6.1.5.
> 
> I would like to propose, that this curve becomes allowed by the BRGs as well.
> 
> TR-03116-3:  https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/BSI-TR-03116-4.pdf?__blob=publicationFile&v=4 <https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/BSI-TR-03116-4.pdf?__blob=publicationFile&v=4>
>  
> 
>  
> 
> _______________________________________________
> Public mailing list
> Public at cabforum.org <mailto:Public at cabforum.org>
> https://cabforum.org/mailman/listinfo/public <https://cabforum.org/mailman/listinfo/public>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180703/691dcb76/attachment-0003.html>

More information about the Public mailing list