ACTION-227: text specifying ECC curves in XMLENC

All,

ACTION-227 requests that I provide "Draft text encryption algorithms regarding ECC algorithms and what curves should be used".  I believe that we should add the following text as the second paragraph to Section 5.5.4 ("Elliptic Curve Diffie-Hellman (ECDH) Key Agreement (Ephemeral-Static Mode)") of XMLENC to make the curve requirements clear:


Compliant implementations are REQUIRED to support ECDH-ES key agreement using the P-256 prime curve specified in Section D.2.3 of FIPS 186-3 [FIPS186-3].  (This is the same curve that is REQUIRED in XMLDSIG 1.1 to be supported for the ECDSAwithSHA256 algorithm.)  It is further RECOMMENDED that implementations also support the P-384 and P-521 prime curves for ECDH-ES; these curves are defined in Sections D.2.4 and D.2.5 of FIPS 186-3, respectively.


We'll also need to add reference [FIPS186-3] to the References section of XMLENC.

                                                                                --bal

Received on Tuesday, 17 March 2009 07:11:34 UTC
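
An added example, not part of the original message or of the XMLENC draft: a receiver-side check that reads the named curve from an ECDH-ES `AgreementMethod` and reports the support level the proposed paragraph assigns to it. The namespace URIs, the ECDH-ES identifier and the curve OIDs are assumptions taken from the published XML Encryption 1.1 and XML Signature 1.1 specifications; `classify_agreement` and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace and algorithm URIs as published in XML Encryption 1.1 and
# XML Signature 1.1 (assumption: not quoted in the message above).
NS = {
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "dsig11": "http://www.w3.org/2009/xmldsig11#",
}
ECDH_ES = "http://www.w3.org/2009/xmlenc11#ECDH-ES"
CURVE_PATH = "xenc:OriginatorKeyInfo/ds:KeyValue/dsig11:ECKeyValue/dsig11:NamedCurve"

# Standard OIDs of the three FIPS 186-3 prime curves named in the proposed
# text, with the support level that text assigns to each.
LEVELS = {
    "urn:oid:1.2.840.10045.3.1.7": ("P-256", "REQUIRED"),
    "urn:oid:1.3.132.0.34": ("P-384", "RECOMMENDED"),
    "urn:oid:1.3.132.0.35": ("P-521", "RECOMMENDED"),
}

def classify_agreement(xml_text):
    """Return (curve, level) for the first ECDH-ES AgreementMethod found."""
    root = ET.fromstring(xml_text)
    tag = "{%s}AgreementMethod" % NS["xenc"]
    method = next(root.iter(tag), None)
    if method is None:
        raise ValueError("no xenc:AgreementMethod element")
    if method.get("Algorithm") != ECDH_ES:
        raise ValueError("key agreement algorithm is not ECDH-ES")
    curve = method.find(CURVE_PATH, NS)
    if curve is None or not curve.get("URI"):
        # Explicitly parameterised or missing curves are not covered by the text.
        raise ValueError("originator key does not name a curve")
    uri = curve.get("URI")
    # Curves outside the proposed text are reported, not silently accepted.
    return LEVELS.get(uri, (uri, "UNLISTED"))

# Constructed sample; the PublicKey value is a placeholder, not a real point.
SAMPLE = """<xenc:AgreementMethod xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:dsig11="http://www.w3.org/2009/xmldsig11#"
    Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES">
  <xenc:OriginatorKeyInfo><ds:KeyValue><dsig11:ECKeyValue>
    <dsig11:NamedCurve URI="urn:oid:1.2.840.10045.3.1.7"/>
    <dsig11:PublicKey>PLACEHOLDER</dsig11:PublicKey>
  </dsig11:ECKeyValue></ds:KeyValue></xenc:OriginatorKeyInfo>
</xenc:AgreementMethod>"""

if __name__ == "__main__":
    print(classify_agreement(SAMPLE))
```

The function only reads the declared curve; it does not validate that the public key is a point on that curve, which an implementation must still do before using it in key agreement.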