Fw: Re: 7007966: Add Brainpool ECC support (RFC 5639)

Samuel Lidén Borell samuel at primekey.se
Thu Dec 23 23:20:35 UTC 2010


I think this was supposed to be sent to the list.

(It was my fault actually; I messed up in my second e-mail so it didn't have the security-dev in the "To" header. So replies to it get sent to me and not the list. Sorry.)



Begin forwarded message:

Date: Thu, 23 Dec 2010 16:29:02 -0500
From: Michael StJohns <mstjohns at comcast.net>
To: Samuel Lidén Borell <samuel at primekey.se>, Xuelei Fan <xuelei.fan at Oracle.com>
Subject: Re: 7007966: Add Brainpool ECC support (RFC 5639)


Hi -

There's support for TLS and then there's support in the JDK, and finally there's support in PKCS11.  As I recall,  sun/security/ec/NamedCurve and sun/security/ec/SunECEntries need to be modified to add the name to OID mappings so that external libs can support those curves as providers - that also covers PKCS11 mostly.  Changes are about a line each in those two files, but you'll have to use something like BouncyCastle to actually implement the curve.

The issue of adding support for a brainpool curve in TLS is a somewhat orthogonal issue.  To add this to the IANA registry requires another RFC, or a mod to the existing RFC 5246.  Given the date of that RFC and the date of the brainpool curves and the composition of the RFC authors, I'd say a conscious decision was made to not include the curves in the RFC - probably for IPR reasons.  I could be wrong.

Mike


At 03:27 AM 12/23/2010, Samuel Lidén Borell wrote:
>Hi,
>
>I've never worked with transport security so it's not really my area, and I don't know of any efforts to get Brainpool registered with IANA.
>
>Regards,
>Samuel Lidén Borell
>
>
>
>On Wed, 22 Dec 2010 22:08:39 +0800
>Xuelei Fan <xuelei.fan at Oracle.com> wrote:
>
>> Hi,
>> 
>> To use those EC curves in TLS, IANA need to register these curves[*]. Do
>> you know any effort to use these curves in TLS?
>> 
>> Thanks,
>> Xuelei
>> 
>> [*]
>> http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
>> 
>> On 12/22/2010 9:38 PM, Samuel Lidén Borell wrote:
>> > Hi,
>> > 
>> > Would it be possible to support Brainpool ECC [1] in OpenJDK (as named curves)? The Brainpool curves are used in European ePassport deployments, for example.
>> > 
>> > I've submitted a RFE [2] and started working on a patch [3].
>> > 
>> > [1] http://tools.ietf.org/html/rfc5639
>> > [2] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7007966
>> > [3] https://gist.github.com/740601
>> > 
>> > Regards,
>> > Samuel Lidén Borell



-- 
Samuel Lidén Borell <samuel at slbdata.se>



More information about the security-dev mailing list