ECC and smartcards

Werner Koch wk at
Mon Jan 9 16:42:05 CET 2012

On Mon,  9 Jan 2012 15:11, ott at said:

> The current RFC draft (you are probably aware of it) only specifies
> OIDs for NIST curves and mandates support for NIST P-256 [1]. Though

There is no need to specify an OID.  You may simply use a different
curved than those which will be in the RFC.  The problem is that the
IETF is very US centric and thus they want US stuff.  However no curve
is excluded (MUST NOT) and thus we will simply set a de-facto standard
by using a subset of the Brainpool OIDs.  That is much easier than
endless discussions on the benefits of certain algorithms.  We have the
very same issue with the supported algorithm sizes.  OpenPGP does not
specify that either.

> it might be possible to support other curves, it seems likely that
> (at least) P-256 will be the best choice for interoperability.

This is purely a political thing; let them do what they want.  I am
pretty sure that we have good control over what will be used in the end



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list