ECC and smartcards

Matthias-Christian Ott ott at
Mon Jan 9 18:57:22 CET 2012

On Mon, Jan 09, 2012 at 04:42:05PM +0100, Werner Koch wrote:
> On Mon,  9 Jan 2012 15:11, ott at said:
> > The current RFC draft (you are probably aware of it) only specifies
> > OIDs for NIST curves and mandates support for NIST P-256 [1]. Though
> There is no need to specify an OID.  You may simply use a different
> curved than those which will be in the RFC.  The problem is that the
> IETF is very US centric and thus they want US stuff.  However no curve
> is excluded (MUST NOT) and thus we will simply set a de-facto standard
> by using a subset of the Brainpool OIDs.  That is much easier than
> endless discussions on the benefits of certain algorithms.  We have the
> very same issue with the supported algorithm sizes.  OpenPGP does not
> specify that either.

I'm not against that. Maybe the thing we can take out of this
discussion is that, the specification should allow multiple curves
and curve formats to be supported (similar to the RSA key sizes in
current specification) and perhaps there could be an option „user
defined“ or something similar which allows you to set the parameters

> > it might be possible to support other curves, it seems likely that
> > (at least) P-256 will be the best choice for interoperability.
> This is purely a political thing; let them do what they want.  I am
> pretty sure that we have good control over what will be used in the end
> ;-).

Well, we'll talk about this in ten years ;). But considering the current
state of X.509 it maybe commercially worthwhile to support the standard
and the specified profiles required for certain contracts in the future.


More information about the Gnupg-devel mailing list