Elliptic Curve Cryptography Subject Public Key Information
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org>, pkix mailing list <email@example.com>, pkix chair <firstname.lastname@example.org>
Subject: Protocol Action: 'Elliptic Curve Cryptography Subject Public Key Information' to Proposed Standard

The IESG has approved the following document:

- 'Elliptic Curve Cryptography Subject Public Key Information' <draft-ietf-pkix-ecc-subpubkeyinfo-11.txt> as a Proposed Standard

This document is the product of the Public-Key Infrastructure (X.509) Working Group.

The IESG contact persons are Pasi Eronen and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-ecc-subpubkeyinfo-11.txt

Technical Summary

The subjectPublicKeyInfo field of an X.509 certificate carries three data items: an algorithm identifier, optional parameters, and a bit string that represents the public key. The parameters are specific to the algorithm and this field usually contains simple values needed to characterize the public key algorithm, e.g., the generator and modulus for Diffie-Hellman. However, X.509 does not constrain the scope of this parameters field.

The ANSI X9.62 standards allow parameters to name the curve via an object identifier, inherit the curve from an issuer, or fully specify the curve. To fully specify the curve a complex structure is required. Further, the ANSI X9.62 standards committee elected to use this field to express potentially complex limitations on how the public key in the certificate can be used, e.g., which key derivation functions can be applied to the bit string that results from a Diffie-Hellman key exchange.

After considerable debate the PKIX WG decided to limit the number of parameter choices to one: name the curve with an object identifier (namedCurve). This decision was based on implementers' desire to use well-known curves from NIST and the complexity of the specifiedCurve field (not to mention the 20+ pages it saved).

The WG also decided to restrict the number of algorithm identifiers to three: id-ecPublicKey, id-ecDH, and id-ecMQV. The id-ecPublicKey object identifier is used when a CA does not want to limit the key for use with a particular ECC algorithm. ECDSA will use this object identifier, as it is already widely implemented. The id-ecDH and id-ecMQV object identifiers are used to restrict the key for use with ECDH and ECMQV, respectively.

The SHA-224, SHA-256, SHA-384, and SHA-512 algorithms and the NIST curves were added to the ASN.1 modules.

Working Group Summary

This ID was discussed extensively on the PKIX WG mailing list. A poll was taken to remove the specifiedCurve option. The WG was in favor of the change. The other comments were about document quality.

Document Quality

This document is a fairly lengthy update of three sections of RFC 3279 (Sections 2.3.5, 3, and 5) and includes a long ASN.1 module. The quality of the draft is comparable to that of its predecessor.

Personnel

The document shepherd is Stefan Santesson. The responsible area director is Pasi Eronen.
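
The profile in the Technical Summary can be checked mechanically. The sketch below is an added example, not text from the draft or the announcement: it walks a DER-encoded subjectPublicKeyInfo and accepts it only when the algorithm identifier is one of the three permitted and the parameters use the namedCurve choice. The numeric OID values, the P-256 curve OID, the function names and the decision to reject absent parameters are assumptions of this example and do not appear in the announcement.

```python
ALLOWED_ALGS = {bytes.fromhex("2a8648ce3d0201"): "id-ecPublicKey",  # 1.2.840.10045.2.1
                bytes.fromhex("2b8104010c"): "id-ecDH",             # 1.3.132.1.12
                bytes.fromhex("2b8104010d"): "id-ecMQV"}            # 1.3.132.1.13
PARAM_CHOICES = {0x06: "namedCurve", 0x05: "implicitCurve", 0x30: "specifiedCurve"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos; ValueError if malformed."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length

def check_ec_spki(der):
    """Return (ok, detail); ok only for a permitted algorithm OID with namedCurve parameters."""
    tag, spki, end = read_tlv(der)
    tag2, alg, key_pos = read_tlv(spki)
    tag3, alg_oid, param_pos = read_tlv(alg)
    if (tag, tag2, tag3) != (0x30, 0x30, 0x06) or end != len(der):
        return False, "not a SubjectPublicKeyInfo"
    name = ALLOWED_ALGS.get(bytes(alg_oid))
    if name is None:
        return False, "algorithm identifier not permitted"
    if param_pos == len(alg):  # assumption of this example: absent parameters are rejected
        return False, "parameters absent"
    ptag, curve, _ = read_tlv(alg, param_pos)
    choice = PARAM_CHOICES.get(ptag, "unknown")
    if choice != "namedCurve":
        return False, "parameters use " + choice
    if key_pos == len(spki) or read_tlv(spki, key_pos)[0] != 0x03:
        return False, "public key BIT STRING missing"
    return True, name + " namedCurve " + curve.hex()

# Constructed samples: dummy key bits and a stub SEQUENCE, not real keys or curve parameters.
def seq(*parts):
    body = b"".join(parts)
    return bytes([0x30, len(body)]) + body

EC_PUB, P256 = bytes.fromhex("06072a8648ce3d0201"), bytes.fromhex("06082a8648ce3d030107")
KEY = bytes.fromhex("030400040102")
NAMED = seq(seq(EC_PUB, P256), KEY)
IMPLICIT = seq(seq(EC_PUB, bytes.fromhex("0500")), KEY)
SPECIFIED = seq(seq(EC_PUB, seq(bytes.fromhex("020101"))), KEY)
```

The detail string reports the curve as the hex of its OID content bytes; a deployment would normally map that to an allow-list of curves it is prepared to accept.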