Re: Brainpool Curves in Fedora (openssl, libgcrypt, gnupg)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm hitting this problem as well with the German ID (eAU), see BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2000306

Some BSI tech guidelines relating to ECCs are actually available in english, too, e.g.:


Quoting from the former doc:
> 1.1. Patents and side-channel attacks
> In implementations, patents and side-channel attacks play an important role.
> The algorithms described in this guideline have been carefully selected to allow patent-free
> and/or license-free implementations. Nevertheless, some of the described algorithms or its par-
> ticular implementations may be subject of patent rights. The BSI shall not be held responsible
> for identifying any or all such patent rights.
> Implementors and security evaluators shall also pay attention to [6], which gives a general
> guidance to assess the side-channel resistance of implementations on smartcards

There is more anecdotal evidence e.g. here by ARM Mbed:
https://tls.mbed.org/kb/cryptography/elliptic-curve-performance-nist-vs-brainpool
Quote:

Can you optimize Brainpool curves to be as fast as the NIST curves?

Unfortunately, this is not possible. The design decision for Brainpool to use random primes was aimed at:

  • avoiding possible patent issues with fast reduction algorithms
  • avoiding potential security issues with non-random primes

Nitrokey docs also show using Brainpool curves in their docs: https://docs.nitrokey.com/pro/linux/ecc.html

> [...] A suitable version of GnuPG is included in the GNU/Linux distributions Ubuntu (since 18.04), Debian (from Stretch onwards),
> Arch Linux, Fedora (from Release 26 onwards) and openSUSE Tumbleweed [...]

They apparently haven't tested their guide on Fedora in a while ;)

All of the above makes it look to me as though Brainpool curves were specifically designed to NOT touch on any patents.
I'd be curious if any other of the big distros exclude the Brainpool curves too. On the linked BZ it was stated that Xubuntu includes them.

It would be great if the current exclusion of those curves would be reevaluated.

Thanks,
Christian
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux