On 01/02/2014 08:50 AM, Salz, Rich wrote: > [Dr. Stephen Henson wrote:] >> So Curve25519 needs a standard OID and some notes on the format to use for >> ASN.1. Does such a thing exist? > > I don't think so.
yes, i mentioned it up-thread: https://tools.ietf.org/html/draft-josefsson-tls-curve25519-01 this isn't formalized yet, and it raised discussion that wasn't yet resolved, but it's the document to work from, i think. > Perhaps the TLS list is the place to discuss this? Should we (I?) start a > thread there on a proposal to fit Curve25519 into common TLS usage? > > Strawman proposal: > The keys are OCTET STRING (or does BIGNUM fit better with existing > code?) > Y is fixed at zero > An OID is assigned from the IETF arc > > Anything else missing? I think we want to clarify the distinction between ECDHE (key exchange) and ECDSA (PKIX). it sounds like Curve25519 is only going to be useful for ECDHE, and if we want to provide a parallel to ECDSA, we would need to move to EdDSA, which involves even more specification work. I would be happy to avoid the PKIX stuff for now and just get the thing standardized for ECDHE. > I can ask djb but I bet he *really* doesn't care. :) I don't think we need to involve djb in this directly. if he was interested in the standardization process, he could easily get involved in it. He's shown pretty clearly that he doesn't bother with that kind of stuff historically :/ --dkg
signature.asc
Description: OpenPGP digital signature
