Am Samstag, dem 16.10.2021 um 23:24 -0400 schrieb Matthew Miller:
On Fri, Oct 15, 2021 at 12:23:57PM +0200, Felix Schwarz wrote:
> Am 14.10.21 um 21:44 schrieb Björn 'besser82' Esser:
> > I don't want to be pushy, but it's been a while since your reply.
> > Did
> > you get any response or reaction about this in the meantime?
>
> Just wanted to mention that this affects me as well. For example
> electronic prescriptions in Germany require signatures with
> brainpool curves so as of now we'd have to rebuild OpenSSL to verify
> these signatures...
Thank you, that kind of information is very helpful. Can you link to
something documenting this requirement? I coulnd't find anything in a
quick
search. (It's okay if it's in German.)
Here is a technical reference document (TR-03116-4) issued by German
"BSI" [1] (Federal agency for IT security). On the very bottom of page
21 it says: "Außerdem muss die elliptische Kurve BrainpoolP256r1 für die
ECC-Verfahren unterstützt werden" -> "Additionally support for
BrainpoolP256r1 ECC is mandatory."
In TR-03116-2 [2] on page 9 one can also find the mandatory requirement
for Brainpool ECC: "Für kryptographische Algorithmen basierend auf
Elliptischen Kurven (d.h. ECDSA und ECKA) sind die
Brainpool Domain Parameter [26] in den entsprechenden Bitlängen zu
verwenden." -> "For cryptographic algorithms based on ECC (ECDSA, ECKA)
Brainpool domain parameters with adequate bit lengths as shown are to be
used."
Thanks,
Björn
[1]
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Technis...
[2]
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Technis...