Hi Juraj, > related to the recent Windows/NSA custom curve certificate issues, we are > wondering whether there are any implementations also supporting explicit > curves in TLS server key exchange messages... Just to clarify: Windows TLS stack only supports named_curve in SKE messages.
Cheers, Andrei -----Original Message----- From: TLS <tls-boun...@ietf.org> On Behalf Of Juraj Somorovsky Sent: Friday, January 17, 2020 5:08 AM To: tls@ietf.org Cc: Robert Merget <robert.mer...@ruhr-uni-bochum.de>; Nimrod Aviram <nimrod.avi...@gmail.com> Subject: [EXTERNAL] [TLS] Explicit curve parameters in Server Key Exchange messages Dear all, related to the recent Windows/NSA custom curve certificate issues, we are wondering whether there are any implementations also supporting explicit curves in TLS server key exchange messages as defined in https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc4492%23section-5.4&data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cf76997d47f804c33ab4208d79b6f7aab%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637148775489120191&sdata=EQNVhlVtJnLlpuRF3eIVwbAfu9bivC%2FXsuFSjvmzS40%3D&reserved=0 Typical TLS implementations we are aware of only support named curves in server key exchange messages. Note that this is different from the custom curves in X.509 certificates. According to RFC4492, it is also possible to use custom explicit curves directly in the TLS protocol. Thank you -- Dr.-Ing. Juraj Somorovsky Lehrstuhl für Netz- und Datensicherheit Ruhr Universität Bochum ----------------------------------- Universitätsstr. 150, Geb. ID 2/403 D-44780 Bochum Telefon: +49 (0) 234 / 32-26740 Fax: +49 (0) 234 / 32-14347 https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nds.rub.de%2Fchair%2Fpeople%2Fjsomorovsky&data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cf76997d47f804c33ab4208d79b6f7aab%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637148775489120191&sdata=D76wCkI5gs0H5%2ByMcBlcUMZ3Alec5EpfOjJ2X8xVyX0%3D&reserved=0 @jurajsomorovsky _______________________________________________ TLS mailing list TLS@ietf.org https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Ftls&data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cf76997d47f804c33ab4208d79b6f7aab%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637148775489120191&sdata=4UsAJvqTSE2ICmMsHHe78j3haF25CDxqsvFkT3ZmXFU%3D&reserved=0 _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
