Elliptic Curve Cryptography Subject Public Key Information
RFC 5480

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    pkix mailing list <ietf-pkix@imc.org>, 
    pkix chair <pkix-chairs@tools.ietf.org>
Subject: Protocol Action: 'Elliptic Curve Cryptography Subject 
         Public Key Information' to Proposed Standard 

The IESG has approved the following document:

- 'Elliptic Curve Cryptography Subject Public Key Information '
   <draft-ietf-pkix-ecc-subpubkeyinfo-11.txt> as a Proposed Standard

This document is the product of the Public-Key Infrastructure (X.509) 
Working Group. 

The IESG contact persons are Pasi Eronen and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-ecc-subpubkeyinfo-11.txt

Technical Summary

   The subjectPublicKeyInfo field of an X.509 certificate carries
   three data items: an algorithm identifier, optional parameters, and
   a bit string that represents the public key.  The parameters are
   specific to the algorithm and this field usually contains simple
   values needed to characterize the public key algorithm, e.g., the
   generator and modulus for Diffie-Hellman. However, X.509 does not
   constrain the scope of this parameters field. The ANSI X9.62
   standards allow parameters to name the curve via an object
   identifier, inherit the curve from an issuer, or fully specify the
   curve.  To fully specify the curve a complex structure is required.
   Further, the ANSI X9.62 standards committee elected to use this
   field to express potentially complex limitations on how the public
   key in the certificate can be used, e.g., which key derivation
   functions can be applied to the bit string that results from a
   Diffie-Hellman key exchange.

   After considerable debate the PKIX WG decided to limit the number
   of parameter choices to one: the name the curve with an object
   identifier (namedCurve).  This decision was based on implementers
   desire to use well known curves from NIST and the complexity of the
   specifiedCurve field (not to mention the 20+ pages it saved).

   The WG also decided to restrict the number of algorithm identifiers
   to three: id-ecPublicKey, id-ecDH, and id-ECMQV.  The
   id-ecPublicKey object identifier is when a CA does not want to
   limit the key for use with a particular ECC algorithm.  ECDSA will
   use this object identifier, as it is already widely implemented.
   The id-ecDH and id-ecMQV object identifiers are used to restrict
   the key for use with ECDH and ECMQV, respectively.

   The SHA-224, SHA-256, SHA-384, and SHA-512 algorithms and the NIST
   curves were added to the ASN.1 modules.

Working Group Summary

   This ID was discussed extensively on the PKIX WG mailing list.  A
   poll was taken to remove the specifiedCurve option.  The WG was in
   favor of the change.  The other comments were about document
   quality.

Document Quality

   This document is a fairly length update of three sections of RFC
   3279 (Sections 2.3.5, 3, and 5) and includes a long ASN.1 module.  
   The quality of the draft is comparable in quality to its predecessor

Personnel

   The document shepherd is Stefan Santesson. The responsible
   area director is Pasi Eronen.