ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ECC curve ID

2008-05-05 03:31:32
from [Werner Koch] [Permanent Link] 

On Fri, 18 Apr 2008 20:47, openpgp(_at_)brainhub(_dot_)org said:


Pros for OpenPGP IDs.

1) Vote of confidence for a particular curve. If it is included,
potential implementers have agreed on it. It will be more likely
widely supported. For example this is useful for hardware folks who
plan far ahead, plays in the decisions about which curve to use in key
self-signatures, and gives priorities to performance optimizations.


The same can be said of OIDs.


2) Shorter public keys, faster, smaller code (switch() v.s. memcmp()).


Well, okay.


3) consistency with the way OpenPGP references other algorithms.


Only if we agree that a curveID describes an OpenPGP algorithm.  In my
view this is a parameter of the algorithm, much like p, q and g in DSA
or even the key size of all aglgorithms.

For sure I do not want to convey all ECC curve parameters, thus using a
way to describe the curve is important.


4) Named curves can be introduced as an extension. The core set of
curves will be encoded as integers, others as named curves.


I thought of that and was about to propose a format using an ID of 0 to
identify a named curve.  However the specification as well as the code
will be more complicated - even in the case that named curves are not
supported by the implementation.  


Do you see any value in having some approval process for new curves?
Does it bother you that I can use some questionable curve and it will
carry equal status per the spec to the three curves we discussed so
far (will we have a method to distinguish "next good" curve past P-521
from an experimental curve) ?


No.  We also don't approve implementations and have no real limits on
key sizes.  It is easy to get things wrong.  Using a good curve is as
important as to use sound parameters for RSA.


Can we reach an agreement if the document also defined a method to
list named curves, along the lines of Werner's proposal?


If there is no other way to allow for arbitrary curves, I would agree to
it. However, I still believe that an OID with a memcmp in the code is
easier to implement than a numeric ID with a switch and a mechnism to
cope withe the optional OID named curve.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: OpenPGP keys and Suite-B, Ian G
Next by Date:  Re: OpenPGP keys and Suite-B, Ian G
Previous by Thread:  OpenPGP keys and Suite-B, Andrey Jivsov
Next by Thread:  Re: ECC curve ID, Andrey Jivsov
Indexes:  [Date] [Thread] [Top] [All Lists]