Re: Double-checking with NUMS and Curve 25519 [was Re: Elliptic Curve Extensibility - your view is expected] from Richard Barnes on 2014-10-17 (public-webcrypto@w3.org from October 2014)

From: Richard Barnes <rlb@ipv.sx>
Date: Thu, 16 Oct 2014 18:01:19 -0700
To: Trevor Perrin <trevp@trevp.net>
Cc: Harry Halpin <hhalpin@w3.org>, "public-webcrypto@w3.org Working Group" <public-webcrypto@w3.org>, Brian LaMacchia <bal@microsoft.com>
Message-ID: <CAL02cgR+JsdXaGhN17HBtL=S44x2K-Scm6JguE3eLoRHp+YP5g@mail.gmail.com>

On Thu, Oct 16, 2014 at 5:55 PM, Trevor Perrin <trevp@trevp.net> wrote:

> On Thu, Oct 16, 2014 at 10:25 AM, Harry Halpin <hhalpin@w3.org> wrote:
> >>
> >> From: Mark Watson [mailto:watsonm@netflix.com]
> >>
> >> (1) For SPKI and PKCS8 import / export the curve must be identified
> entirely and only by the namedCurve choice of the parameters field of the
> algorithm field of algorithm field of the SPKI
> >> (2) for SPKI import, the EC public key can be identified by the
> "conversion steps defined in Section 2.2 of RFC 5480"
> >> (3) for PKCS8 import, the EC private key can be identified by the
> "conversion steps defined in Section 3 of RFC 5915"
> >> (4) for JWK import, the EC public key can be identified by
> "interpreting jwk according to Section 6.2.2 of JSON Web Algorithms"
> >> (5) for JWK import, the EC private key can be identified by
> "interpreting jwk according to Section 6.2.1 of JSON Web Algorithms"
> >> (6) for SPKI export, the EC public key has a defined representation as
> an octet string
> >> (7) for PKCS8 export, the key has a defined representation as "an
> instance of the ECPrivateKey structure defined in Section 3 of RFC 5915"
> >> (8) for JWK export, the EC public key has a representation as "x" and
> "y" values according to Sections 6.2.1.2 and 6.1.2.3 of JWA, respectively
> and the EC private key has a representatopm as a "d" value according to
> 6.2.2.1 of JWA
> >>
> >> If any of these things are not true for some potential future named
> curve then the curve could only be added to the existing ECDSA and ECDH
> algorithms if the key format concerned is not supported. Otherwise, the
> curve would have to be added as a new algorithm instead.
>
>
> Hi everyone,
>
> I think new curves may want single-coordinate or compressed public-key
> formats, and may do other things differently from X9.62/63.  At least,
> this is true for current uses of 25519.
>
> Is there anything here that would make it hard to just add new curves
> via new algorithms (like my "ECDH-CURVE25519" draft)?
>

AFAICT, that should still be possible.  That's obviously a more
heavy-weight option, though.
--Richard


>
> Trevor
>
>

Received on Friday, 17 October 2014 01:01:46 UTC