Undo deprecation of brainpool EC
Xuelei Fan
xuelei.f at gmail.com
Tue Nov 15 16:02:30 UTC 2022
Hi Benjamin,
May I ask what are the sizes of brainpool curves used in practice?
Thanks,
Xuelei
> On Nov 14, 2022, at 12:36 AM, benjamin.marwell at f-i.de wrote:
>
> Hello everyone!
>
> To our surprise, brainpool EC have been deprecated with Java 14+ [1].
> However, JDK-8234924 [1] does not add any information on WHY they would have been deprecated.
> In fact, neither NIST (USA) nor BSI (Germany) list them as deprecated.
> On the contrary, both institutions list them as an acceptable cipher.
>
> As a matter of fact, the deprecation notice seems to have originated from bad wording.
> Please read this quote from Manfred Lochter, who works at the BSI:
>
>> The unfortunate wording about the brainpool curves originated in TLS 1.3,
>> however RFC 8734 makes the curves usable for TLS again.
>> We will continue to recommend the Brainpool curves.
>> It should also be noted that the arguments for the "modern formulas" have all been refuted by now.
>> Especially the implementation of Curve 25519 requires more effort to protect against SCA;
>> the deterministic signatures are vulnerable to fault injection.
>> In the medium term, however, the switch to post-quantum cryptography is necessary;
>> there are comprehensive recommendations on this at [2]
>
> Now, European banking and health industry still do rely heavily on brainpool curves.
> Given all these facts, I hereby request to undo the deprecation of brainpool EC in OpenJDK.
>
> Please let me know what led to the assumption that brainpool ciphers were deprecated.
> Neither NIST nor BSI seems to be the source. Given all the facts, it should still be included.
>
> References:
>
> [1]: https://bugs.openjdk.org/browse/JDK-8234924
> [2]: https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Quantentechnologien-und-Post-Quanten-Kryptografie/quantentechnologien-und-post-quanten-kryptografie_node.html
>
> Kind regards
>
> Benjamin Marwell
>