40 likes | 297 Views
ECC cipher suites for TLS. Simon Blake-Wilson Tim Dierks Chris Hawk Certicom. Current Draft Summary. Key exchange algorithms: ECDH_ECDSA ECDH_ECDSA_EXPORT ECDH_RSA ECDH_RSA_EXPORT ECDH_anon ECDH_anon_EXPORT Client authentication using ECDH and ECDSA. Current Draft Summary.
E N D
ECC cipher suites for TLS Simon Blake-Wilson Tim Dierks Chris Hawk Certicom
Current Draft Summary Key exchange algorithms: • ECDH_ECDSA • ECDH_ECDSA_EXPORT • ECDH_RSA • ECDH_RSA_EXPORT • ECDH_anon • ECDH_anon_EXPORT Client authentication using ECDH and ECDSA
Current Draft Summary Other stuff: • Parameters expressed as choice of “named curve” or verbose - “named” recommended for use • Certificates as specified in PKIX algorithms document • Symmetric algorithms: RC4, DES, 3DES, AES • 3 SHOULD cipher suites - all ECDH_ECDSA
Issues • Cipher suite numbers? • Parameters in client hello? • Perfect forward secrecy?