On Sun, May 15, 2016 at 1:31 PM, Jesse Wilson <[email protected]> wrote: > I definitely like the idea of a canonical form. That makes everything easy! > But which format is the canonical one?
It depends. One way to do it is to expand to domain parameters. All named curves can be expanded to its constituent domain parameters. Another way to do it is by comparing public points after you determine the named curve or domain parameters are equivalent. What you can't do is take domain parameters, and map _all_ of them back to named curves. Custom curves likely won't have an OID associated with them. Additionally, not all named curves are recognized by all libraries. For example, the old 1998 X9.62 curves are mostly no longer supported; and the WTLS curves are usually not supported because of weaker parameters even though they have well known names. For completeness, the public point is the coordinate Q=(x,y), and its created by raising the base point G to the private exponent x (i.e., Q=G^x). But for the Q=G^x machinery to work, the domain parameters need to be the same for both parties, Jeff _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
