I personally want to be able to pick a curve based on either it's name or its OID with equal ease and simplicity.
For example, a GUI application is (usually) better off using names, and an app that parses a certificate would want a nice mechanism of accessing curves via OID. Sent from my iPad > On Sep 25, 2016, at 11:37, Jeffrey Walton <[email protected]> wrote: > > Hi Everyone, > > Elliptic curves can have two presentations. The first is a friendly name, > like "secp256r1" (or its OID). The second is the full parameter expansion, > like using the domain parameters {p,ab,n,G,h,n}. By default we use the second > method - domain parameter expansion. > > We can promote interop by using the curve name rather than the domain > parameters. Some standards, like some of the RFCs, favor friendly names. In > fact, they say to fail certificate validation if a named curve is not present > (even if the domain parameters are). > > We can also avoid subtle bugs like this one at OpenSSL: > http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography#Named_Curves. > > I'd like to try using named curves by default with Crypto++. I believe its as > simple as "m_encodeAsOID(true)" > (http://github.com/weidai11/cryptopp/blob/master/eccrypto.h#L40). > > Are there any thoughts or objections? > > Jeff > -- > -- > You received this message because you are subscribed to the "Crypto++ Users" > Google Group. > To unsubscribe, send an email to [email protected]. > More information about Crypto++ and this group is available at > http://www.cryptopp.com. > --- > You received this message because you are subscribed to the Google Groups > "Crypto++ Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME cryptographic signature
