idnits 2.17.1 draft-ietf-curdle-pkix-newcurves-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document date (March 20, 2016) is 2931 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-08) exists of draft-irtf-cfrg-eddsa-00 Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group S. Josefsson 3 Internet-Draft SJD AB 4 Intended status: Informational March 20, 2016 5 Expires: September 21, 2016 7 Using Curve25519 and Curve448 in PKIX 8 draft-ietf-curdle-pkix-newcurves-00 10 Abstract 12 This document specify "named curve" object identifiers for the 13 Curve25519 and Curve448 curves, for use in various X.509 PKIX 14 structures. 16 Status of This Memo 18 This Internet-Draft is submitted in full conformance with the 19 provisions of BCP 78 and BCP 79. 21 Internet-Drafts are working documents of the Internet Engineering 22 Task Force (IETF). Note that other groups may also distribute 23 working documents as Internet-Drafts. The list of current Internet- 24 Drafts is at http://datatracker.ietf.org/drafts/current/. 26 Internet-Drafts are draft documents valid for a maximum of six months 27 and may be updated, replaced, or obsoleted by other documents at any 28 time. It is inappropriate to use Internet-Drafts as reference 29 material or to cite them other than as "work in progress." 31 This Internet-Draft will expire on September 21, 2016. 33 Copyright Notice 35 Copyright (c) 2016 IETF Trust and the persons identified as the 36 document authors. All rights reserved. 38 This document is subject to BCP 78 and the IETF Trust's Legal 39 Provisions Relating to IETF Documents 40 (http://trustee.ietf.org/license-info) in effect on the date of 41 publication of this document. Please review these documents 42 carefully, as they describe your rights and restrictions with respect 43 to this document. Code Components extracted from this document must 44 include Simplified BSD License text as described in Section 4.e of 45 the Trust Legal Provisions and are provided without warranty as 46 described in the Simplified BSD License. 48 1. Introduction 50 In [RFC7748], the elliptic curves Curve25519 and Curve448 are 51 described. They are designed with performance and security in mind. 52 The curves may be used for Diffie-Hellman and Digital Signature 53 operations. 55 This RFC define ASN.1 "named curve" object identifiers for Curve25519 56 and Curve448, for use in the Internet X.509 PKI [RFC5280]. 58 Rather than defining a new subject public key format for these two 59 curves, this document re-use the existing ECDSA/ECDH public-key 60 contained (described in section 2.3.5 of [RFC3279]) and introduce two 61 new "named curve" OIDs. This approach is the same as for the 62 Brainpool curves [RFC5639]. 64 2. Requirements Terminology 66 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 67 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 68 document are to be interpreted as described in [RFC2119]. 70 3. Curve25519 and Curve448 Named Curve Identifier 72 Certificates conforming to [RFC5280] may convey a public key for any 73 public key algorithm. The certificate indicates the algorithm 74 through an algorithm identifier. This algorithm identifier is an OID 75 and optionally associated parameters. Section 2.3.5 of [RFC3279] 76 describe ECDSA/ECDH public keys, specifying the id-ecPublicKey OID. 77 This OID has the associated EcpkParameters parameters structure, 78 which contains the namedCurve CHOICE. Here we introduce two new OIDs 79 for use in the namedCurve field. 81 id-Curve25519 OBJECT IDENTIFIER ::= { 1.3.6.1.4.1.11591.15.1 } 82 id-Curve448 OBJECT IDENTIFIER ::= { 1.3.6.1.4.1.11591.15.2 } 83 id-Curve25519ph OBJECT IDENTIFIER ::= { 1.3.6.1.4.1.11591.15.3 } 84 id-Curve448ph OBJECT IDENTIFIER ::= { 1.3.6.1.4.1.11591.15.4 } 86 The OID id-Curve25519 refers to Curve25519. The OID id-Curve448 87 refers to Curve448. Both curves are described in [RFC7748]. The 88 OIDs id-Curve25519ph and id-Curve448ph refers to Curve25519 and 89 Curve448 when used with pre-hashing as Ed25519ph and Ed448ph 90 described in [I-D.irtf-cfrg-eddsa]. 92 The public key value encoded into the ECPoint value is the raw binary 93 values described in [RFC7748]. 95 4. Acknowledgements 97 Text and/or inspiration were drawn from [RFC5280], [RFC3279], 98 [RFC5480], and [RFC5639]. 100 Several people suggested the utility of specifying OIDs for encoding 101 Curve25519/Curve448 public keys into PKIX certificates, the editor of 102 this document cannot take credit for this idea. 104 5. IANA Considerations 106 None. 108 6. Security Considerations 110 The security considerations of [RFC3279], [RFC5280], [RFC5480] and 111 [RFC7748] apply accordingly. 113 7. References 115 7.1. Normative References 117 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 118 Requirement Levels", BCP 14, RFC 2119, March 1997. 120 [RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and 121 Identifiers for the Internet X.509 Public Key 122 Infrastructure Certificate and Certificate Revocation List 123 (CRL) Profile", RFC 3279, April 2002. 125 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 126 Housley, R., and W. Polk, "Internet X.509 Public Key 127 Infrastructure Certificate and Certificate Revocation List 128 (CRL) Profile", RFC 5280, May 2008. 130 [RFC5480] Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk, 131 "Elliptic Curve Cryptography Subject Public Key 132 Information", RFC 5480, March 2009. 134 [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves 135 for Security", RFC 7748, DOI 10.17487/RFC7748, January 136 2016, . 138 [I-D.irtf-cfrg-eddsa] 139 Josefsson, S. and I. Liusvaara, "Edwards-curve Digital 140 Signature Algorithm (EdDSA)", draft-irtf-cfrg-eddsa-00 141 (work in progress), October 2015. 143 7.2. Informative References 145 [RFC5639] Lochter, M. and J. Merkle, "Elliptic Curve Cryptography 146 (ECC) Brainpool Standard Curves and Curve Generation", RFC 147 5639, March 2010. 149 Author's Address 151 Simon Josefsson 152 SJD AB 154 Email: simon@josefsson.org