Technical Summary
The subjectPublicKeyInfo field of an X.509 certificate carries
three data items: an algorithm identifier, optional parameters, and
a bit string that represents the public key. The parameters are
specific to the algorithm and this field usually contains simple
values needed to characterize the public key algorithm, e.g., the
generator and modulus for Diffie-Hellman. However, X.509 does not
constrain the scope of this parameters field. The ANSI X9.62
standards allow parameters to name the curve via an object
identifier, inherit the curve from an issuer, or fully specify the
curve. To fully specify the curve a complex structure is required.
Further, the ANSI X9.62 standards committee elected to use this
field to express potentially complex limitations on how the public
key in the certificate can be used, e.g., which key derivation
functions can be applied to the bit string that results from a
Diffie-Hellman key exchange.
After considerable debate the PKIX WG decided to limit the number
of parameter choices to one: naming the curve with an object
identifier (namedCurve). This decision was based on implementers'
desire to use well-known curves from NIST and on the complexity of
the specifiedCurve field (not to mention the 20+ pages it saved).
The WG also decided to restrict the number of algorithm identifiers
to three: id-ecPublicKey, id-ecDH, and id-ecMQV. The
id-ecPublicKey object identifier is used when a CA does not want to
limit the key for use with a particular ECC algorithm. ECDSA will
use this object identifier, as it is already widely implemented.
The id-ecDH and id-ecMQV object identifiers are used to restrict
the key for use with ECDH and ECMQV, respectively.
The SHA-224, SHA-256, SHA-384, and SHA-512 algorithms and the NIST
curves were added to the ASN.1 modules.
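As an added illustration (not part of the shepherd writeup or the draft's ASN.1 module), the following checker accepts an ECC SubjectPublicKeyInfo only under the profile described above: one of the three algorithm identifiers, and parameters that are a namedCurve object identifier rather than the implicitlyCA NULL or a specifiedCurve SEQUENCE. The DER helpers are minimal and written for this example; the sample SPKI at the end is constructed with a dummy point.

```python
# Added example, not from the draft: accept an ECC SubjectPublicKeyInfo only if
# it follows the profile the PKIX WG settled on: one of three algorithm OIDs and
# parameters that are a namedCurve OID (no implicitlyCA NULL, no specifiedCurve).
ALLOWED_ALGS = {"1.2.840.10045.2.1": "id-ecPublicKey",
                "1.3.132.1.12": "id-ecDH", "1.3.132.1.13": "id-ecMQV"}
NAMED_CURVES = {"1.2.840.10045.3.1.7": "secp256r1",
                "1.3.132.0.34": "secp384r1", "1.3.132.0.35": "secp521r1"}
SEQUENCE, OID, BIT_STRING = 0x30, 0x06, 0x03

def tlv(tag, body):                       # DER tag-length-value, lengths < 65536
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body

def read_tlv(buf, pos=0):                 # -> (tag, value, position after element)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                          # long-form length
        k, n = n & 0x7F, 0
        for _ in range(k):
            n, pos = (n << 8) | buf[pos], pos + 1
    return tag, buf[pos:pos + n], pos + n

def decode_oid(value):                    # OID content octets -> dotted string
    arcs, cur = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:                   # base-128, high bit = continuation
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, cur = arcs + [cur], 0
    return ".".join(map(str, arcs))

def check_ec_spki(der):
    """Return (algorithm, curve) for a conforming SPKI, else raise ValueError."""
    _, spki, _ = read_tlv(der)
    _, alg_id, _ = read_tlv(spki)         # AlgorithmIdentifier; BIT STRING follows
    _, oid, pos = read_tlv(alg_id)
    alg = ALLOWED_ALGS.get(decode_oid(oid))
    if alg is None:
        raise ValueError("algorithm is not id-ecPublicKey, id-ecDH or id-ecMQV")
    ptag, params, _ = read_tlv(alg_id, pos)
    if ptag != OID:                       # 0x05 NULL = implicitlyCA, 0x30 = specifiedCurve
        raise ValueError("parameters must be namedCurve, got tag 0x%02x" % ptag)
    curve = NAMED_CURVES.get(decode_oid(params))
    if curve is None:
        raise ValueError("namedCurve is not one of the listed NIST curves")
    return alg, curve

def sample_spki(alg_oid, curve_oid, point):   # constructed input; OIDs as DER content octets
    alg_id = tlv(SEQUENCE, tlv(OID, alg_oid) + tlv(OID, curve_oid))
    return tlv(SEQUENCE, alg_id + tlv(BIT_STRING, b"\x00" + point))

P256_SPKI = sample_spki(bytes.fromhex("2A8648CE3D0201"),  # constructed P-256 sample
                        bytes.fromhex("2A8648CE3D030107"), b"\x04" + bytes(64))  # dummy point
```

Running check_ec_spki on a key with implicitlyCA or specifiedCurve parameters raises ValueError, which is the behaviour a relying party following this profile would want.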
Working Group Summary
This ID was discussed extensively on the PKIX WG mailing list. A
poll was taken to remove the specifiedCurve option. The WG was in
favor of the change. The other comments were about document
quality.
Document Quality
This document is a fairly lengthy update of three sections of RFC
3279 (Sections 2.3.5, 3, and 5) and includes a long ASN.1 module.
The quality of the draft is comparable to that of its predecessor.
Personnel
The document shepherd is Stefan Santesson. The responsible
area director is Pasi Eronen.