Other ECC Curves

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Other ECC Curves

Rick Andrews
AFAIK, Symantec and other CAs have added ECC roots to Mozilla's root store using NIST curves. Are any other ECC curves supported by Mozilla, in case one wanted to use a different curve? Is the list of supported algorithms and key sizes published somewhere?
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Other ECC Curves

Kurt Roeckx
On Mon, Jun 09, 2014 at 04:27:56PM -0700, Rick Andrews wrote:
> AFAIK, Symantec and other CAs have added ECC roots to Mozilla's root store using NIST curves. Are any other ECC curves supported by Mozilla, in case one wanted to use a different curve? Is the list of supported algorithms and key sizes published somewhere?

As far as I know NSS currently only supports P256, P384 and P521.

I would like to add brainpool to that, which should be easy.

I would also like to see Ed25519, but there is no standard on how
to do that yet.


Kurt

--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Other ECC Curves

Rick Andrews
In reply to this post by Rick Andrews
On Monday, June 9, 2014 4:27:56 PM UTC-7, Rick Andrews wrote:
> AFAIK, Symantec and other CAs have added ECC roots to Mozilla's root store using NIST curves. Are any other ECC curves supported by Mozilla, in case one wanted to use a different curve? Is the list of supported algorithms and key sizes published somewhere?

Sorry about the double-post; I got an error the first time so I decided to retry.

There's an active conversation in the TLS Working Group of the IETF on ECC curves:
http://www.ietf.org/mail-archive/web/tls/current/msg12761.html
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Other ECC Curves

Robert Relyea
In reply to this post by Kurt Roeckx
On 06/10/2014 09:47 AM, Kurt Roeckx wrote:
> On Mon, Jun 09, 2014 at 04:27:56PM -0700, Rick Andrews wrote:
>> AFAIK, Symantec and other CAs have added ECC roots to Mozilla's root store using NIST curves. Are any other ECC curves supported by Mozilla, in case one wanted to use a different curve? Is the list of supported algorithms and key sizes published somewhere?
> As far as I know NSS currently only supports P256, P384 and P521.

More exactly NSS can support the initial TLS suite of curves, but almost
all users (including mozilla and redhat) of NSS just compile the above 3
NIST curves.

>
> I would like to add brainpool to that, which should be easy.
>
> I would also like to see Ed25519, but there is no standard on how
> to do that yet.

Adding support for any curve within NSS should be relatively
straightforward. Convincing particular entities to ship with other
curves enable is another matter.

bob
>
>
> Kurt
>



--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto

smime.p7s (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Other ECC Curves

Julien Pierre-3
In reply to this post by Rick Andrews
Oracle ships products with NSS built with a set of 25 curves. These are
mostly server products, but they also can act as client.

The full curve list is in :

http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/freebl/ecl/ecl-curve.h&rev=1.4&root=/cvsroot

However, Mozilla and others typically don't support the full set and
build with the following file :

http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/freebl/ecl/ecl-curve.h&rev=1.7&root=/cvsroot

Julien

On 6/9/2014 16:27, Rick Andrews wrote:
> AFAIK, Symantec and other CAs have added ECC roots to Mozilla's root store using NIST curves. Are any other ECC curves supported by Mozilla, in case one wanted to use a different curve? Is the list of supported algorithms and key sizes published somewhere?

--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Other ECC Curves

Gervase Markham
In reply to this post by Rick Andrews
On 11/06/14 03:00, Julien Pierre wrote:
> However, Mozilla and others typically don't support the full set and
> build with the following file :
>
> http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/freebl/ecl/ecl-curve.h&rev=1.7&root=/cvsroot

Is this because there are potential legal issues with some of the
removed curves?

Gerv

--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Other ECC Curves

cod3 ang3l
In reply to this post by Rick Andrews
On Tue, 2014-06-10 at 18:47 +0200, Kurt Roeckx wrote:
> I would also like to see Ed25519, but there is no standard on how
> to do that yet.

I added patch for Curve25519 to
https://bugzilla.mozilla.org/show_bug.cgi?id=957105

Is patch good?
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Other ECC Curves

Erwann ABALEA-3
In reply to this post by Rick Andrews
Le mercredi 11 juin 2014 11:58:24 UTC+2, cod3 ang3l a écrit :
> On Tue, 2014-06-10 at 18:47 +0200, Kurt Roeckx wrote:
>
> > I would also like to see Ed25519, but there is no standard on how
> > to do that yet.
>
> I added patch for Curve25519 to
> https://bugzilla.mozilla.org/show_bug.cgi?id=957105
>
> Is patch good?

This patch is only valid for key exchange (ECDH), while Rick's email is about certificate signing (ECDSA). Curve25519, and probably other Bernstein's curves, can't be used with ECDSA (EdDSA must be used, a different algo).

Rick, if you want to support other curves (Brainpool?), you should also propose a ballot for this at CABF.
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto