datatracker.ietf.org
Sign in
Version 5.4.0, 2014-04-22
Report a bug

Elliptic Curve Cryptography (ECC) Brainpool Curves for Transport Layer Security (TLS)
RFC 7027

Document type: RFC - Informational (October 2013)
Updates RFC 4492
Was draft-merkle-tls-brainpool (individual in sec area)
Document stream: IETF
Last updated: 2013-10-02
Other versions: plain text, pdf, html
IETF State: (None)
Consensus: Unknown
Document shepherd: Dan Harkins
Shepherd Write-Up: Last changed 2013-06-20
IESG State: RFC 7027 (Informational)
IANA Review State: IANA OK - Actions Needed
IANA Action State: RFC-Ed-Ack
Responsible AD: Sean Turner
Send notices to: johannes.merkle@secunet.com, manfred.lochter@bsi.bund.de, draft-merkle-tls-brainpool@tools.ietf.org, dharkins@lounge.org
Email Authors | IPR Disclosures | References | Referenced By | Check nits | History feed | Search Mailing Lists 
Internet Engineering Task Force (IETF)                         J. Merkle
Request for Comments: 7027                     secunet Security Networks
Updates: 4492                                                 M. Lochter
Category: Informational                                              BSI
ISSN: 2070-1721                                             October 2013

           Elliptic Curve Cryptography (ECC) Brainpool Curves
                   for Transport Layer Security (TLS)

Abstract

   This document specifies the use of several Elliptic Curve
   Cryptography (ECC) Brainpool curves for authentication and key
   exchange in the Transport Layer Security (TLS) protocol.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7027.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Merkle & Lochter              Informational                     [Page 1]
RFC 7027              ECC Brainpool Curves for TLS          October 2013

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 2
   2.  Brainpool NamedCurve Types  . . . . . . . . . . . . . . . . . . 2
   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 3
   4.  Security Considerations . . . . . . . . . . . . . . . . . . . . 3
   5.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 4
     5.1.  Normative References  . . . . . . . . . . . . . . . . . . . 4
     5.2.  Informative References  . . . . . . . . . . . . . . . . . . 4
   Appendix A.  Test Vectors . . . . . . . . . . . . . . . . . . . . . 6
     A.1.  256-Bit Curve . . . . . . . . . . . . . . . . . . . . . . . 7
     A.2.  384-Bit Curve . . . . . . . . . . . . . . . . . . . . . . . 8
     A.3.  512-Bit Curve . . . . . . . . . . . . . . . . . . . . . . . 9

1.  Introduction

   [RFC5639] specifies a new set of elliptic curve groups over finite
   prime fields for use in cryptographic applications.  These groups,
   denoted as ECC Brainpool curves, were generated in a verifiably
   pseudo-random way and comply with the security requirements of
   relevant standards from ISO [ISO1] [ISO2], ANSI [ANSI1], NIST [FIPS],
   and SecG [SEC2].

   [RFC4492] defines the usage of elliptic curves for authentication and
   key agreement in TLS 1.0 and TLS 1.1; these mechanisms may also be
   used with TLS 1.2 [RFC5246].  While the ASN.1 object identifiers
   defined in [RFC5639] already allow usage of the ECC Brainpool curves
   for TLS (client or server) authentication through reference in X.509
   certificates according to [RFC3279] and [RFC5480], their negotiation
   for key exchange according to [RFC4492] requires the definition and
   assignment of additional NamedCurve IDs.  This document specifies
   such values for three curves from [RFC5639].

2.  Brainpool NamedCurve Types

   According to [RFC4492], the name space NamedCurve is used for the
   negotiation of elliptic curve groups for key exchange during a
   handshake starting a new TLS session.  This document adds new
   NamedCurve types to three elliptic curves defined in [RFC5639] as
   follows:

           enum {
                brainpoolP256r1(26),
                brainpoolP384r1(27),
                brainpoolP512r1(28)
           } NamedCurve;

   These curves are suitable for use with Datagram TLS [RFC6347].

Merkle & Lochter              Informational                     [Page 2]
RFC 7027              ECC Brainpool Curves for TLS          October 2013

   Test vectors for a Diffie-Hellman key exchange using these elliptic

[include full document text]