[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Cryptography] FW: real world binary ecc
On 2020-11-15 2:45 p.m., Salz, Rich via cryptography wrote:
Forwarded with permission; Nicoli is one of the (sic) key implementors of ECC in the OpenSSL project.
On 11/15/20, 10:19 AM, "Nicola Tuveri" <nic.tuv AT gmail.com> wrote:
> suppose you want to create a new TLS library. Should you support binary curves?
I'd dare say, from an implementer perspective, the answer to this is
RFC 8422, in obsoleting RFC 4492, has de facto removed support of
binary curves from TLS 1.2 and earlier.
Nicola, thanks very much for your informative message! And thanks to
Rich for sharing the thread.
I had not looked at RFC 8422. Here is the relevant section for those
5.1.1. Supported Elliptic Curves Extension
RFC 4492 defined 25 different curves in the NamedCurve registry (now
renamed the "TLS Supported Groups" registry, although the enumeration
below is still named NamedCurve) for use in TLS. Only three have
seen much use. This specification is deprecating the rest (with
numbers 1-22). This specification also deprecates the explicit
curves with identifiers 0xFF01 and 0xFF02. It also adds the new
curves defined in [RFC7748]. The end result is as follows:
secp256r1 (23), secp384r1 (24), secp521r1 (25),
And for the FIPS 186-5 draft, it references the SP 800-186 draft -- the
deprecation message is found there:
4.3 Curves over Binary Fields
This section specifies elliptic curves over binary fields where
each curve takes the form of a curve in short-Weierstrass form
and is either a Koblitz curve (Section 4.3.1) or a pseudorandom
curve (Section 4.3.2). Due to their limited adoption, elliptic
curves over binary fields (i.e., all the curves specified in
Section 4.3) are deprecated and may be removed from a subsequent
revision to these guidelines to facilitate interoperability and
simplify elliptic curve standards and implementations. New
implementations should select an appropriate elliptic curve over
a prime field from Section 4.2.
The cryptography mailing list
cryptography AT metzdowd.com