Key Transport with ECC keys in XML Encryption 1.1

For XML Encryption 1.1, we added an ECC Key agreement scheme ECDH-ES.
Can't we also add a Key Transport scheme - like ECIES?  However I think
that NIST Suite B does not allow ECIES.

I am thinking of how hard it is to uptake ECC in higher level specs like 
WS-Security.  For encryption there is often an assumption that the data 
will be encrypted using an <EncryptedKey>, and this EncryptedKey is 
encrypted with a public key. To do this with elliptic keys, we need a 
Key Transport mechanism that supports Elliptic Keys. ECDH Key Agreement 
cannot be used here.

Note: ECDSA signatures can be used in WS-Security with no schema
changes. WS-Security uses <BinarySecurityToken> to represent X509
certificates. So this token can also represent ECC X509 certs, and data
can be signed using this token.  But ECDH KeyAgreement cannot be that
easily used in WS-Security - as most encryption scenarios in WS-Security
use an EncryptedKey.


Pratik

Received on Wednesday, 20 May 2009 21:36:27 UTC
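The two <EncryptedKey> shapes the post contrasts, as an added illustration that is not part of the original message: (a) the key-transport form WS-Security assumes, where the symmetric key is encrypted directly under a public key found through a token reference, and (b) the ECDH-ES key-agreement form from XML Encryption 1.1, where the wrapping key is derived rather than transported. Element and algorithm names follow the XML Encryption 1.1 and WS-Security 1.0 specs; the Id values, the ConcatKDF parameter strings and the base64 CipherValue/PublicKey contents are placeholders.

```xml
<!-- (a) Key transport: the symmetric key in CipherValue is RSA-OAEP encrypted
     under the recipient's public key, located via a BinarySecurityToken. -->
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
  <ds:KeyInfo>
    <wsse:SecurityTokenReference>
      <!-- points at a <wsse:BinarySecurityToken wsu:Id="RecipientCert"> elsewhere in the header -->
      <wsse:Reference URI="#RecipientCert"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
    </wsse:SecurityTokenReference>
  </ds:KeyInfo>
  <xenc:CipherData>
    <xenc:CipherValue>BASE64-RSA-ENCRYPTED-KEY-PLACEHOLDER</xenc:CipherValue>
  </xenc:CipherData>
</xenc:EncryptedKey>

<!-- (b) ECDH-ES (XML Encryption 1.1): the symmetric key is AES-key-wrapped, and the
     wrapping key is derived with ConcatKDF from the ECDH shared secret between a
     sender-generated ephemeral key and the recipient's static EC key. The ephemeral
     public key and the KDF parameters must travel inside KeyInfo, so there is no
     single public-key encryption step for a token reference to stand in for. -->
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:dsig11="http://www.w3.org/2009/xmldsig11#">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
  <ds:KeyInfo>
    <xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES">
      <xenc11:KeyDerivationMethod Algorithm="http://www.w3.org/2009/xmlenc11#ConcatKDF">
        <!-- hex-encoded OtherInfo fields; placeholder values -->
        <xenc11:ConcatKDFParams AlgorithmID="0000" PartyUInfo="0000" PartyVInfo="0000">
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        </xenc11:ConcatKDFParams>
      </xenc11:KeyDerivationMethod>
      <xenc:OriginatorKeyInfo>
        <ds:KeyValue>
          <dsig11:ECKeyValue>
            <dsig11:NamedCurve URI="urn:oid:1.2.840.10045.3.1.7"/> <!-- P-256 -->
            <dsig11:PublicKey>BASE64-EPHEMERAL-EC-POINT-PLACEHOLDER</dsig11:PublicKey>
          </dsig11:ECKeyValue>
        </ds:KeyValue>
      </xenc:OriginatorKeyInfo>
      <xenc:RecipientKeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>BASE64-RECIPIENT-EC-CERT-PLACEHOLDER</ds:X509Certificate>
        </ds:X509Data>
      </xenc:RecipientKeyInfo>
    </xenc:AgreementMethod>
  </ds:KeyInfo>
  <xenc:CipherData>
    <xenc:CipherValue>BASE64-AES-WRAPPED-KEY-PLACEHOLDER</xenc:CipherValue>
  </xenc:CipherData>
</xenc:EncryptedKey>
```

A recipient processing (b) has to run an ECDH computation and a KDF before it can unwrap CipherValue, whereas (a) only needs the private key matching the referenced token; that extra processing and the extra KeyInfo content is what a WS-Security profile would have to specify.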