Hello: I am posting the following on behalf of Rufus Buschart of Siemens, for discussion.
Kind regards, Stephen QuoVadis - The "Bundesamt für Sicherheit in der Informationstechnik" (German Federal Office for Information Security) published a technical guidance TR-03116-3 which defines fundamental cryptographic requirements for governmental projects. In chapter 2.1.3 it defines three elliptic curves that have to be supported as a minimum for SSL/TLS. One of the three curves is the brainpoolp256r1 curve. This curve is not currently allowed according to the BRGs chapter 6.1.5. I would like to propose, that this curve becomes allowed by the BRGs as well. TR-03116-3: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/BSI-TR-03116-4.pdf?__blob=publicationFile&v=4
<<attachment: winmail.dat>>
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
