Elliptic Curve Cryptography (ECC) Brainpool Curves for Transport Layer Security (TLS)
RFC 7027

 
Document Type RFC - Informational (October 2013; Errata)
Updates RFC 4492
Was draft-merkle-tls-brainpool (individual in sec area)
Last updated 2015-02-04
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd Dan Harkins
Shepherd write-up Show (last changed 2013-06-20)
IESG IESG state RFC 7027 (Informational)
Telechat date
Responsible AD spt
Send notices to johannes.merkle@secunet.com, manfred.lochter@bsi.bund.de, draft-merkle-tls-brainpool@ietf.org, dharkins@lounge.org
IANA IANA review state IANA OK - Actions Needed
IANA action state RFC-Ed-Ack
Internet Engineering Task Force (IETF)                         J. Merkle
Request for Comments: 7027                     secunet Security Networks
Updates: 4492                                                 M. Lochter
Category: Informational                                              BSI
ISSN: 2070-1721                                             October 2013

           Elliptic Curve Cryptography (ECC) Brainpool Curves
                   for Transport Layer Security (TLS)

Abstract

   This document specifies the use of several Elliptic Curve
   Cryptography (ECC) Brainpool curves for authentication and key
   exchange in the Transport Layer Security (TLS) protocol.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7027.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Merkle & Lochter              Informational                     [Page 1]
RFC 7027              ECC Brainpool Curves for TLS          October 2013

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 2
   2.  Brainpool NamedCurve Types  . . . . . . . . . . . . . . . . . . 2
   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 3
   4.  Security Considerations . . . . . . . . . . . . . . . . . . . . 3
   5.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 4
     5.1.  Normative References  . . . . . . . . . . . . . . . . . . . 4
     5.2.  Informative References  . . . . . . . . . . . . . . . . . . 4
   Appendix A.  Test Vectors . . . . . . . . . . . . . . . . . . . . . 6
     A.1.  256-Bit Curve . . . . . . . . . . . . . . . . . . . . . . . 7
     A.2.  384-Bit Curve . . . . . . . . . . . . . . . . . . . . . . . 8
     A.3.  512-Bit Curve . . . . . . . . . . . . . . . . . . . . . . . 9

1.  Introduction

   [RFC5639] specifies a new set of elliptic curve groups over finite
   prime fields for use in cryptographic applications.  These groups,
   denoted as ECC Brainpool curves, were generated in a verifiably
   pseudo-random way and comply with the security requirements of
   relevant standards from ISO [ISO1] [ISO2], ANSI [ANSI1], NIST [FIPS],
   and SecG [SEC2].

   [RFC4492] defines the usage of elliptic curves for authentication and
   key agreement in TLS 1.0 and TLS 1.1; these mechanisms may also be
   used with TLS 1.2 [RFC5246].  While the ASN.1 object identifiers
   defined in [RFC5639] already allow usage of the ECC Brainpool curves
   for TLS (client or server) authentication through reference in X.509
   certificates according to [RFC3279] and [RFC5480], their negotiation
   for key exchange according to [RFC4492] requires the definition and
   assignment of additional NamedCurve IDs.  This document specifies
   such values for three curves from [RFC5639].

2.  Brainpool NamedCurve Types

   According to [RFC4492], the name space NamedCurve is used for the
   negotiation of elliptic curve groups for key exchange during a
   handshake starting a new TLS session.  This document adds new
   NamedCurve types to three elliptic curves defined in [RFC5639] as
   follows:

           enum {
                brainpoolP256r1(26),
                brainpoolP384r1(27),
                brainpoolP512r1(28)
           } NamedCurve;

   These curves are suitable for use with Datagram TLS [RFC6347].

Merkle & Lochter              Informational                     [Page 2]
RFC 7027              ECC Brainpool Curves for TLS          October 2013

   Test vectors for a Diffie-Hellman key exchange using these elliptic
Show full document text