Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)
RFC 4492
Document | Type |
RFC - Informational
(May 2006; Errata)
Obsoleted by RFC 8422
Was draft-ietf-tls-ecc (tls WG)
|
|
---|---|---|---|
Authors | Bodo Moeller , Nelson Bolyard , Vipul Gupta , Simon Blake-Wilson , Chris Hawk | ||
Last updated | 2020-01-21 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized with errata bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 4492 (Informational) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Russ Housley | ||
Send notices to | ekr@networkresonance.com |
Network Working Group S. Blake-Wilson Request for Comments: 4492 SafeNet Category: Informational N. Bolyard Sun Microsystems V. Gupta Sun Labs C. Hawk Corriente B. Moeller Ruhr-Uni Bochum May 2006 Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This document describes new key exchange algorithms based on Elliptic Curve Cryptography (ECC) for the Transport Layer Security (TLS) protocol. In particular, it specifies the use of Elliptic Curve Diffie-Hellman (ECDH) key agreement in a TLS handshake and the use of Elliptic Curve Digital Signature Algorithm (ECDSA) as a new authentication mechanism. Blake-Wilson, et al. Informational [Page 1] RFC 4492 ECC Cipher Suites for TLS May 2006 Table of Contents 1. Introduction ....................................................3 2. Key Exchange Algorithms .........................................4 2.1. ECDH_ECDSA .................................................6 2.2. ECDHE_ECDSA ................................................6 2.3. ECDH_RSA ...................................................7 2.4. ECDHE_RSA ..................................................7 2.5. ECDH_anon ..................................................7 3. Client Authentication ...........................................8 3.1. ECDSA_sign .................................................8 3.2. ECDSA_fixed_ECDH ...........................................9 3.3. RSA_fixed_ECDH .............................................9 4. TLS Extensions for ECC ..........................................9 5. Data Structures and Computations ...............................10 5.1. Client Hello Extensions ...................................10 5.1.1. Supported Elliptic Curves Extension ................12 5.1.2. Supported Point Formats Extension ..................13 5.2. Server Hello Extension ....................................14 5.3. Server Certificate ........................................15 5.4. Server Key Exchange .......................................17 5.5. Certificate Request .......................................21 5.6. Client Certificate ........................................22 5.7. Client Key Exchange .......................................23 5.8. Certificate Verify ........................................25 5.9. Elliptic Curve Certificates ...............................26 5.10. ECDH, ECDSA, and RSA Computations ........................26 6. Cipher Suites ..................................................27 7. Security Considerations ........................................28 8. IANA Considerations ............................................29 9. Acknowledgements ...............................................29 10. References ....................................................30 10.1. Normative References .....................................30 10.2. Informative References ...................................31 Appendix A. Equivalent Curves (Informative) ......................32 Blake-Wilson, et al. Informational [Page 2] RFC 4492 ECC Cipher Suites for TLS May 2006 1. Introduction Elliptic Curve Cryptography (ECC) is emerging as an attractive public-key cryptosystem, in particular for mobile (i.e., wireless) environments. Compared to currently prevalent cryptosystems such as RSA, ECC offers equivalent security with smaller key sizes. This is illustrated in the following table, based on [18], which gives approximate comparable key sizes for symmetric- and asymmetric-key cryptosystems based on the best-known algorithms for attacking them. Symmetric | ECC | DH/DSA/RSA ------------+---------+------------- 80 | 163 | 1024 112 | 233 | 2048Show full document text