You seem to be miss-understanding something here. The question is not "decide whether to favor OIDs or names in the library interface" (because if a curve has an OID it is always named and vice versa) it is about, "should we favor the OID or the 5-parameter-set in the library interface".
The parameter set consists of * a Field (which usually uses a prime) * two curve parameters (FieldElements / Integers) * two integers encoding the base-point (each of which you need to construct manually and separately with Crypto++ IIRC) The OID is basically some opaque value, which the library then matches against its database of curves and loads the associated parameter set. The change in question is, whether the library should default to the former (parameter set) or the latter (single, database-backed OID value) when encoding the curve information, both formats will still be available after a single additional function call. As for my opinion, yes I'm totally fine with defaulting to the OID, given how rare use-cases are for which you'd need to supply custom curve parameters. This is especially true given the fact that it's really hard to find tools that generate ECC parameter sets, AFAICT there's just about one out there and its use is prohibited in some countries due to legal reasons. BR JPM Am 25.09.2016 um 20:42 schrieb Mobile Mouse: > I personally want to be able to pick a curve based on either it's name > or its OID with equal ease and simplicity. > > For example, a GUI application is (usually) better off using names, > and an app that parses a certificate would want a nice mechanism of > accessing curves via OID. > > Sent from my iPad > > On Sep 25, 2016, at 11:37, Jeffrey Walton <[email protected] > <mailto:[email protected]>> wrote: > >> Hi Everyone, >> >> Elliptic curves can have two presentations. The first is a friendly >> name, like "secp256r1" (or its OID). The second is the full parameter >> expansion, like using the domain parameters {p,ab,n,G,h,n}. By >> default we use the second method - domain parameter expansion. >> >> We can promote interop by using the curve name rather than the domain >> parameters. Some standards, like some of the RFCs, favor friendly >> names. In fact, they say to fail certificate validation if a named >> curve is not present (even if the domain parameters are). >> >> We can also avoid subtle bugs like this one at OpenSSL: >> http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography#Named_Curves. >> >> I'd like to try using named curves by default with Crypto++. I >> believe its as simple as "m_encodeAsOID(true)" >> (http://github.com/weidai11/cryptopp/blob/master/eccrypto.h#L40). >> >> Are there any thoughts or objections? >> >> Jeff >> -- >> -- >> You received this message because you are subscribed to the "Crypto++ >> Users" Google Group. >> To unsubscribe, send an email to >> [email protected] >> <mailto:[email protected]>. >> More information about Crypto++ and this group is available at >> http://www.cryptopp.com. >> --- >> You received this message because you are subscribed to the Google >> Groups "Crypto++ Users" group. >> To unsubscribe from this group and stop receiving emails from it, >> send an email to [email protected] >> <mailto:[email protected]>. >> For more options, visit https://groups.google.com/d/optout. > -- > -- > You received this message because you are subscribed to the "Crypto++ > Users" Google Group. > To unsubscribe, send an email to > [email protected]. > More information about Crypto++ and this group is available at > http://www.cryptopp.com. > --- > You received this message because you are subscribed to the Google > Groups "Crypto++ Users" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] > <mailto:[email protected]>. > For more options, visit https://groups.google.com/d/optout. -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
