7007966: Add Brainpool ECC support (RFC 5639)
Michael StJohns
mstjohns at comcast.net
Fri Dec 24 18:34:40 UTC 2010
At 08:04 PM 12/23/2010, Brad Wetmore wrote:
>> To use those EC curves in TLS, IANA need to register these curves[*].
>> Do you know any effort to use these curves in TLS?
>
>Xuelei was primarily asking about this from the TLS perspective. RFC 5639 just claims its use would be consistent with the existing TLS ECC approaches, but I don't know of current efforts to actually add them for TLS.
Yeah - I wasn't quite sure why TLS came up as the question was about brainpool for use in the ePassports.
>For the more general case, we can consider it, but as with anything ECC, patent issues will come up.
If its just adding curve/OID/Name mappings to the EC base, there shouldn't be any issues with IPR. To be honest, I'm thinking that there ought to be a way to populate the table(s) from user space. The issue mostly comes up when trying to translate to/from PKCS11 domain parameters - if the entry isn't in the table (sun/security/ec/NamedCurve.java), there's no way to use the curve in PKCS11, even if the external provider supports it.
Mike
>RFC 5639 claims "no knowledge of any intellectual property rights...may require use of inventions covered by patents rights." This would require significant legal review.
>
>Brad
>
>
>
>
>
>On 12/22/2010 6:08 AM, Xuelei Fan wrote:
>>Hi,
>>
>>To use those EC curves in TLS, IANA need to register these curves[*]. Do
>>you know any effort to use these curves in TLS?
>>
>>Thanks,
>>Xuelei
>>
>>[*]
>>http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
>>
>>On 12/22/2010 9:38 PM, Samuel Lidén Borell wrote:
>>>Hi,
>>>
>>>Would it be possible to support Brainpool ECC [1] in OpenJDK (as named curves)? The Brainpool curves are used in European ePassport deployments, for example.
>>>
>>>I've submitted a RFE [2] and started working on a patch [3].
>>>
>>>[1] http://tools.ietf.org/html/rfc5639
>>>[2] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7007966
>>>[3] https://gist.github.com/740601
>>>
>>>Regards,
>>>Samuel Lidén Borell
More information about the security-dev
mailing list