0010049: ECC_nistP256 and ECC_nistP384 are meant to be interoperable

ID	Project	Category	View Status	Date Submitted	Last Update

0010049	10000-007: Profiles	Spec	public	2024-12-04 05:55	2025-01-14 17:00

Reporter	Bernd Edlinger	Assigned To	Jim Luth
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	won't fix

Summary	0010049: ECC_nistP256 and ECC_nistP384 are meant to be interoperable
Description	That means, a ECC_nistP384 application instance certificate can use ECC_nistP384 and ECC_nistP256 security profiles, but from the profile reporting tool this information either disallows that or is at least misleading: ECC-nistP256_Limits: -> DerivedSignatureKeyLength = 256 -> EncryptionKeyLength=128 -> InitializationVectorLength=128 -> SignatureLength=256 -> MinAsymmetricKeyLength = 256 (ECC) -> MaxAsymmetricKeyLength = 384 (ECC for CA Only) -> SecureChannelNonceLength = 64 This should be MaxAsymmetricKeyLength = 384 (ECC) and the AsymmetricSignatureAlgorithm_ECDSA-SHA2-256 should make it cleat that the signature length is 64 bytes for nistP256 keys and 96 bytes for nistP384 keys but hash function SHA2-256 is used in any case. Only a mistP256 key cannot be used to create signatures for the ECC_nistP384 profile. Likewise ECC_brainpoolP256r1 and ECC_brainpoolP384r1 were meant to be interoperable.
Tags	No tags attached.

Commit Version
Fix Due Date

Date Modified	Username	Field	Change
2024-12-04 05:55	Bernd Edlinger	New Issue
2025-01-14 17:00	Jim Luth	Assigned To	=> Jim Luth
2025-01-14 17:00	Jim Luth	Status	new => closed
2025-01-14 17:00	Jim Luth	Resolution	open => won't fix
2025-01-14 17:00	Jim Luth	Note Added: 0022278

Jim Luth 2025-01-14 17:00 administrator ~0022278	Security sub-group concluded they will not be made interoperable.