From: Hal Finney <hal.finney <at> gmail.com>
Subject: Re: draft-lochter-pkix-brainpool-ecc-01.txt
Newsgroups: gmane.ietf.irtf.cfrg
Date: Friday 11th April 2008 17:55:44 UTC
Found the draft RFC here:
http://www.ietf.org/internet-drafts/draft-lochter-pkix-brainpool-ecc-01.txt

This is a very good idea. Present NIST curves do not have proofs that
all their parameters are random, a fact which caused trouble when it
came time to create the EC RNG in FIPS SP 800-90, as pointed out by
Shumow and Ferguson, who found a possible backdoor. NIST curves also
are optimized for performance, with field primes that have a lot of 1
bits at the top, allowing for very fast modular arithmetic. However
certain techniques along these lines are patented so there is a risk
that NIST may be inadvertently leading implementors into legal
trouble. Using random primes will avoid this problem. Hopefully
performance will still be acceptable.

The only concern I have is that the actual proofs of randomness, and
explanations of the curve generation algorithms necessary to verify
those proofs, are in a supplemental document at
http://www.ecc-brainpool.org/download/Domain-parameters.pdf and not
part of the RFC. I would like to see this additional information
submitted as an RFC for future archival purposes, so that people 50
years from now can verify that these curves are good, without relying
on an external site.

Hal Finney
PGP Corporation

On Wed, Apr 9, 2008 at 4:06 PM, David McGrew wrote:
> Hi Bob,
>
> I got this mail as a bounce, not sure why, so I'm forwarding it to the list.
> I'm no specialist in the area of elliptic curve cryptography, but the goals
> that are outlined in this draft look like good ones to me.
>
> David
>
> On Apr 9, 2008, at 3:58 PM, [email protected] wrote:
>
> From: Bob Braden 
> Date: April 9, 2008 3:57:38 PM PDT
> To: [email protected]
> Cc: [email protected], [email protected]
> Subject: draft-lochter-pkix-brainpool-ecc-01.txt
>
>
>
> The Internet Draft draft-lochter-pkix-brainpool-ecc-01.txt with title:
> "ECC Brainpool Standard Curves and Curve Generation" has been submitted
> to the RFC Editor as an independent submission.  This mailing list has
> been suggested as a reservoir of expertise in the area of this draft.
>
> If you have comments on it, we would like to see them.  In the absence
> of negative comments, we are inclined to publish the draft as an RFC.
>
> Thanks,
>
> RFC Editor/bb
>
>
>
>
>
> _______________________________________________
>  Cfrg mailing list
>  [email protected]
>  https://www.ietf.org/mailman/listinfo/cfrg
>
>