| < draft-merkle-tls-brainpool-02.txt | draft-merkle-tls-brainpool-03.txt > | |||
|---|---|---|---|---|
| Network Working Group J. Merkle | Network Working Group J. Merkle | |||
| Internet-Draft secunet Security Networks | Internet-Draft secunet Security Networks | |||
| Updates: 4492 (if approved) M. Lochter | Updates: 4492 (if approved) M. Lochter | |||
| Intended status: Informational Bundesamt fuer Sicherheit in der | Intended status: Informational Bundesamt fuer Sicherheit in der | |||
| Expires: December 26, 2013 Informationstechnik (BSI) | Expires: January 3, 2014 Informationstechnik (BSI) | |||
| June 24, 2013 | July 2, 2013 | |||
| ECC Brainpool Curves for Transport Layer Security (TLS) | ECC Brainpool Curves for Transport Layer Security (TLS) | |||
| draft-merkle-tls-brainpool-02 | draft-merkle-tls-brainpool-03 | |||
| Abstract | Abstract | |||
| This document specifies the use of several ECC Brainpool curves for | This document specifies the use of several ECC Brainpool curves for | |||
| authentication and key exchange in the Transport Layer Security (TLS) | authentication and key exchange in the Transport Layer Security (TLS) | |||
| protocol. | protocol. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on December 26, 2013. | This Internet-Draft will expire on January 3, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2013 IETF Trust and the persons identified as the | Copyright (c) 2013 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 14 ¶ | skipping to change at page 3, line 14 ¶ | |||
| 1. Introduction | 1. Introduction | |||
| In [RFC5639], a new set of elliptic curve groups over finite prime | In [RFC5639], a new set of elliptic curve groups over finite prime | |||
| fields for use in cryptographic applications was specified. These | fields for use in cryptographic applications was specified. These | |||
| groups, denoted as ECC Brainpool curves, were generated in a | groups, denoted as ECC Brainpool curves, were generated in a | |||
| verifiably pseudo-random way and comply with the security | verifiably pseudo-random way and comply with the security | |||
| requirements of relevant standards from ISO [ISO1] [ISO2], ANSI | requirements of relevant standards from ISO [ISO1] [ISO2], ANSI | |||
| [ANSI1], NIST [FIPS], and SecG [SEC2]. | [ANSI1], NIST [FIPS], and SecG [SEC2]. | |||
| Usage of elliptic curves for authentication and key agreement in TLS | [RFC4492] defines the usage of elliptic curves for authentication and | |||
| 1.0 and TLS 1.1 is defined in [RFC4492]. While the ASN.1 object | key agreement in TLS 1.0 and TLS 1.1, and these mechanisms are also | |||
| identifiers defined in [RFC5639] already allow usage of the ECC | applicable to TLS 1.2 [RFC5246]. While the ASN.1 object identifiers | |||
| Brainpool curves for TLS (client or server) authentication through | defined in [RFC5639] already allow usage of the ECC Brainpool curves | |||
| reference in X.509 certificates according to [RFC3279] and [RFC5480] | for TLS (client or server) authentication through reference in X.509 | |||
| , their negotiation for key exchange according to [RFC4492] requires | certificates according to [RFC3279] and [RFC5480] , their negotiation | |||
| the definition and assignment of additional NamedCurve IDs. This | for key exchange according to [RFC4492] requires the definition and | |||
| document specifies such values for three curves from [RFC5639]. | assignment of additional NamedCurve IDs. This document specifies | |||
| such values for three curves from [RFC5639]. | ||||
| Test vectors for a Diffie-Hellman key exchange using these ECC | Test vectors for a Diffie-Hellman key exchange using these ECC | |||
| Brainpool curves are provided in Appendix A | Brainpool curves are provided in Appendix A | |||
| 2. Security Considerations | 2. Security Considerations | |||
| The security considerations of [RFC5246] apply accordingly. | The security considerations of [RFC5246] apply accordingly. | |||
| The confidentiality, authenticity and integrity of the TLS | The confidentiality, authenticity and integrity of the TLS | |||
| communication is limited by the weakest cryptographic primitive | communication is limited by the weakest cryptographic primitive | |||
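Review bot: The rewritten second paragraph of the Introduction now states that the [RFC4492] mechanisms "are also applicable to TLS 1.2 [RFC5246]" but does not say where that applicability is established; add a pointer to the relevant part of [RFC5246] so the claim can be checked. Two nits survive in this paragraph from -02: the stray space before the comma in "[RFC5480] , their negotiation", and the missing full stop after "are provided in Appendix A".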
| skipping to change at page 5, line 9 ¶ | skipping to change at page 5, line 9 ¶ | |||
| random curve (through mathematical equivalence), an arithmetic based | random curve (through mathematical equivalence), an arithmetic based | |||
| on small curve parameters may be harder to protect against side- | on small curve parameters may be harder to protect against side- | |||
| channel attacks. General guidance on resistence of elliptic curve | channel attacks. General guidance on resistence of elliptic curve | |||
| cryptography implementations against side-channel-attacks is given in | cryptography implementations against side-channel-attacks is given in | |||
| [BSI1] and [HMV]. | [BSI1] and [HMV]. | |||
| 3. IANA Considerations | 3. IANA Considerations | |||
| IANA is requested to assign numbers for the ECC Brainpool curves, | IANA is requested to assign numbers for the ECC Brainpool curves, | |||
| defined in [RFC5639], found in Table 1 in the Transport Layer | defined in [RFC5639], found in Table 1 in the Transport Layer | |||
| Security (TLS) Parameters NamedCurve registry [IANA-TLS]. These | Security (TLS) Parameters registry EC Named Curve [IANA-TLS]. These | |||
| curves are suitability for use with DTLS. | curves are suitable for use with DTLS. | |||
| +-------+-----------------+---------+-----------+ | +-------+-----------------+---------+-----------+ | |||
| | Value | Description | DTLS-OK | Reference | | | Value | Description | DTLS-OK | Reference | | |||
| +-------+-----------------+---------+-----------+ | +-------+-----------------+---------+-----------+ | |||
| | TBD1 | brainpoolP256r1 | Y | This doc | | | TBD1 | brainpoolP256r1 | Y | This doc | | |||
| | | | | | | | | | | | | |||
| | TBD2 | brainpoolP384r1 | Y | This doc | | | TBD2 | brainpoolP384r1 | Y | This doc | | |||
| | | | | | | | | | | | | |||
| | TBD3 | brainpoolP512r1 | Y | This doc | | | TBD3 | brainpoolP512r1 | Y | This doc | | |||
| +-------+-----------------+---------+-----------+ | +-------+-----------------+---------+-----------+ | |||
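Review bot: In the first sentence of IANA Considerations the new registry reference, "Security (TLS) Parameters registry EC Named Curve [IANA-TLS]", reads as a run of nouns and leaves it unclear which is the registry and which the sub-registry; suggest wording along the lines of "in the EC Named Curve registry of the Transport Layer Security (TLS) Parameters [IANA-TLS]". The "suitability" to "suitable" fix is fine, but the unchanged Security Considerations lines above still carry "resistence" and the inconsistent "side-channel-attacks", which should be corrected in the same revision. Table 1 still lists TBD1 to TBD3 with no instruction in the visible text on replacing them once the values are assigned.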
| End of changes. 5 change blocks. | ||||
| 14 lines changed or deleted | 15 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||