Brainpool removed from crypto-refresh PQC spec
Andrew Gallagher
andrewg at andrewg.com
Mon May 27 17:49:44 CEST 2024
On 27 May 2024, at 15:20, Werner Koch via LibrePGP-discuss <librepgp-discuss at librepgp.org> wrote:
>
> The IETF OpenPGP WG just released draft-ietf-openpgp-pqc-03.txt with
> this surprising change [1]:
>
> * Removed NIST and Brainpool curve hybrids, dropped ECDSA from the
> current specification.
>
> I wonder why the BSI now favors dropping of Brainpool as part of the
> composite encryption algorithms and demand a Bernstein curve - one of
> the authors works at the BSI.
They don’t intend to drop brainpool. The discussion got bogged down in how many curves to include in the draft, so in order to speed the adoption process (and the interop process) it was decided at IETF-119 to remove the optional curves (brainpool, NIST) in order to concentrate on generic mechanisms [1]. AIUI, the BSI authors still intend to specify brainpool as it is relatively easy to do at a later date.
A
[1] https://mailarchive.ietf.org/arch/msg/openpgp/VVlAGdu3vBs417RNtFrn2x9WuNI/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://librepgp.org/pipermail/librepgp-discuss/attachments/20240527/204935ea/attachment.sig>
More information about the LibrePGP-discuss
mailing list