ECC Brainpool Curves for Transport Layer Security (TLS) Version 1.3
draft-bruckert-brainpool-for-tls13-07

Document Type Active Internet-Draft (individual)
Last updated 2019-11-20 (latest revision 2019-09-26)
Stream ISE
Intended RFC status Informational
Formats plain text pdf htmlized bibtex
IETF conflict review conflict-review-bruckert-brainpool-for-tls13
Stream ISE state Sent to the RFC Editor
Consensus Boilerplate Unknown
Document shepherd Adrian Farrel
Shepherd write-up Show (last changed 2019-08-14)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to Adrian Farrel <rfc-ise@rfc-editor.org>
IANA IANA review state Version Changed - Review Needed
IANA action state RFC-Ed-Ack
RFC Editor RFC Editor state RFC-EDITOR
Network Working Group                                        L. Bruckert
Internet-Draft                                                 J. Merkle
Intended status: Informational                 secunet Security Networks
Expires: March 29, 2020                                       M. Lochter
                                                                     BSI
                                                      September 26, 2019

  ECC Brainpool Curves for Transport Layer Security (TLS) Version 1.3
                 draft-bruckert-brainpool-for-tls13-07

Abstract

   ECC Brainpool curves were an option for authentication and key
   exchange in the Transport Layer Security (TLS) protocol version 1.2,
   but were deprecated by the IETF for use with TLS version 1.3 because
   they had little usage.  However, these curves have not been shown to
   have significant cryptographical weaknesses, and there is some
   interest in using several of these curves in TLS 1.3.

   This document provides the necessary protocol mechanisms for using
   ECC Brainpool curves in TLS 1.3.  This approach is not endorsed by
   the IETF.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 29, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents

Bruckert, et al.         Expires March 29, 2020                 [Page 1]
Internet-Draft      ECC Brainpool Curves for TLS 1.3      September 2019

   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Requirements Terminology  . . . . . . . . . . . . . . . . . .   3
   3.  Brainpool NamedGroup Types  . . . . . . . . . . . . . . . . .   3
   4.  Brainpool SignatureScheme Types . . . . . . . . . . . . . . .   3
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   6
   Appendix A.  Test Vectors . . . . . . . . . . . . . . . . . . . .   8
     A.1.  256 Bit Curve . . . . . . . . . . . . . . . . . . . . . .   8
     A.2.  384 Bit Curve . . . . . . . . . . . . . . . . . . . . . .   9
     A.3.  512 Bit Curve . . . . . . . . . . . . . . . . . . . . . .   9
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   [RFC5639] specifies a new set of elliptic curve groups over finite
   prime fields for use in cryptographic applications.  These groups,
   denoted as ECC Brainpool curves, were generated in a verifiably
   pseudo-random way and comply with the security requirements of
   relevant standards from ISO [ISO1] [ISO2], ANSI [ANSI1], NIST [FIPS],
   and SecG [SEC2].

   [RFC8422] defines the usage of elliptic curves for authentication and
   key agreement in TLS 1.2 and earlier versions, and [RFC7027] defines
   the usage of the ECC Brainpool curves for authentication and key
   exchange in TLS.  The latter is applicable to TLS 1.2 and earlier
   versions, but not to TLS 1.3 that deprecates the ECC Brainpool Curve
   IDs defined in [RFC7027] due to the lack of widespread deployment
   However, there is some interest in using these curves in TLS 1.3.

   The negotiation of ECC Brainpool Curves for key exchange in TLS 1.3
   according to [RFC8446] requires the definition and assignment of
   additional NamedGroup IDs.  This document provides the necessary
   definition and assignment of additional SignatureScheme IDs for using
   three ECC Brainpool Curves from [RFC5639].

Bruckert, et al.         Expires March 29, 2020                 [Page 2]
Show full document text