Fw: Re: 7007966: Add Brainpool ECC support (RFC 5639)
Samuel Lidén Borell
samuel at primekey.se
Thu Dec 23 15:20:35 PST 2010
I think this was supposed to be sent to the list.
(It was my fault actually; I messed up in my second e-mail so it didn't have the security-dev in the "To" header. So replies to it get sent to me and not the list. Sorry.)
Begin forwarded message:
Date: Thu, 23 Dec 2010 16:29:02 -0500
From: Michael StJohns <mstjohns at comcast.net>
To: Samuel Lidén Borell <samuel at primekey.se>, Xuelei Fan <xuelei.fan at Oracle.com>
Subject: Re: 7007966: Add Brainpool ECC support (RFC 5639)
There's support for TLS and then there's support in the JDK, and finally there's support in PKCS11. As I recall, sun/security/ec/NamedCurve and sun/security/ec/SunECEntries need to be modified to add the name to OID mappings so that external libs can support those curves as providers - that also covers PKCS11 mostly. Changes are about a line each in those two files, but you'll have to use something like BouncyCastle to actually implement the curve.
The issue of adding support for a brainpool curve in TLS is a somewhat orthogonal issue. To add this to the IANA registry requires another RFC, or a mod to the existing RFC 5246. Given the date of that RFC and the date of the brainpool curves and the composition of the RFC authors, I'd say a conscious decision was made to not include the curves in the RFC - probably for IPR reasons. I could be wrong.
At 03:27 AM 12/23/2010, Samuel Lidén Borell wrote:
>I've never worked with transport security so it's not really my area, and I don't know of any efforts to get Brainpool registered with IANA.
>Samuel Lidén Borell
>On Wed, 22 Dec 2010 22:08:39 +0800
>Xuelei Fan <xuelei.fan at Oracle.com> wrote:
>> To use those EC curves in TLS, IANA need to register these curves[*]. Do
>> you know any effort to use these curves in TLS?
>> On 12/22/2010 9:38 PM, Samuel Lidén Borell wrote:
>> > Hi,
>> > Would it be possible to support Brainpool ECC  in OpenJDK (as named curves)? The Brainpool curves are used in European ePassport deployments, for example.
>> > I've submitted a RFE  and started working on a patch .
>> >  http://tools.ietf.org/html/rfc5639
>> >  http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7007966
>> >  https://gist.github.com/740601
>> > Regards,
>> > Samuel Lidén Borell
Samuel Lidén Borell <samuel at slbdata.se>
More information about the security-dev