Rich version of this review at:
https://mozphab-ietf.devsvcdev.mozaws.net/D12108
Leonie,
Can you say more about your intended outcome here? You don't need to
have an RFC in order to register these code points.
Are you hoping for WG acceptance, or are you just planning to register
on the basis of the I-D?
-Ekr
COMMENTS
S 1.
> Brainpool Curves in earlier TLS versions.
>
> The negotiation of ECC Brainpool Curves for key exchange according to
> [RFC8446] requires the definition and assignment of additional
> NamedGroup IDs. This document specifies such values for three curves
> from [RFC5639].
I think you want to state that this works for TLS 1.2 as well.
S 2.
> brainpoolP384r1(TBD2),
> brainpoolP512r1(TBD3)
> } NamedGroup;
>
> The encoding of ECDHE parameters as defined in section 4.2.8.2 of
> [RFC8446] also applies to this document.
Which encoding? The structured encoding used for NIST curves or the
blob one used for the CFRG curves.
S 3.
>
> enum {
> ecdsa_brainpoolP256r1_sha256(TBD4),
> ecdsa_brainpoolP384r1_sha384(TBD5),
> ecdsa_brainpoolP512r1_sha512(TBD6)
> } SignatureScheme;
Just for completeness, you should state what these mean.
S 5.
> y*Z^3) with the coefficient Z specified for that curve in [RFC5639],
> in order to take advantage of an an efficient arithmetic based on the
> twisted curve's special parameters (A = -3): although the twisted
> curve itself offers the same level of security as the corresponding
> random curve (through mathematical equivalence), an arithmetic based
> on small curve parameters may be harder to protect against side-
"an arithmetic" isn't really idiomatic English.
S 6.2.
> y_Z: the y-coordinate of the shared secret that results from
> completion of the Diffie-Hellman computation
>
> The field elements x_qA, y_qA, x_qB, y_qB, x_Z, y_Z are represented
> as hexadecimal values using the FieldElement-to-OctetString
> conversion method specified in [SEC1].
Do you want to give test vectors for the key share.
On Sun, Sep 2, 2018 at 6:30 AM, Bruckert, Leonie <
leonie.bruck...@secunet.com> wrote:
> We submitted an Internet Draft defining the usage of the Brainpool Curves
> for TLS 1.3.
>
>
>
> We appreciate your comments.
>
>
>
> Leonie
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: internet-dra...@ietf.org [mailto:internet-dra...@ietf.org]
> Gesendet: Freitag, 31. August 2018 08:41
> An: Merkle, Johannes; Manfred Lochter; Bruckert, Leonie
> Betreff: New Version Notification for draft-bruckert-brainpool-for-
> tls13-00.txt
>
>
>
>
>
> A new version of I-D, draft-bruckert-brainpool-for-tls13-00.txt
>
> has been successfully submitted by Leonie Bruckert and posted to the
>
> IETF repository.
>
>
>
> Name: draft-bruckert-brainpool-for-tls13
>
> Revision: 00
>
> Title: ECC Brainpool Curves for Transport Layer
> Security (TLS) Version 1.3
>
> Document date: 2018-08-30
>
> Group: Individual Submission
>
> Pages: 10
>
> URL: https://www.ietf.org/internet-drafts/draft-bruckert-
> brainpool-for-tls13-00.txt
>
> Status: https://datatracker.ietf.org/doc/draft-bruckert-brainpool-
> for-tls13/
>
> Htmlized: https://tools.ietf.org/html/draft-bruckert-brainpool-for-
> tls13-00
>
> Htmlized: https://datatracker.ietf.org/doc/html/draft-bruckert-
> brainpool-for-tls13
>
>
>
>
>
> Abstract:
>
> This document specifies the use of several ECC Brainpool curves for
>
> authentication and key exchange in the Transport Layer Security (TLS)
>
> protocol version 1.3.
>
>
>
>
>
>
>
>
>
>
> Please note that it may take a couple of minutes from the time of
> submission
>
> until the htmlized version and diff are available at tools.ietf.org.
>
>
>
> The IETF Secretariat
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
