Bug 1326411

Summary: [RFE] ECC Support for the CA
Product: Red Hat Enterprise Linux 7
Reporter: Martin Kosek <mkosek>
Component: ipa
Assignee: Florence Blanc-Renaud <frenaud>
Status: CLOSED WONTFIX
QA Contact: Kaleem <ksiddiqu>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 7.3
CC: asharov, dazo, jswensso, pasik, pcech, pvoborni, rcritten, tomek
Target Milestone: rc
Keywords: FutureFeature
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-12-09 20:16:05 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description Martin Kosek 2016-04-12 15:26:47 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3951

FreeIPA should support ECC algorithms for the CA features in addition to RSA. This should preferably be offered out of the box as an option.

A brief overview of the practical impact of choosing between RSA and ECC can be read in, for example, RFC 4492:

[snip]
   Elliptic Curve Cryptography (ECC) is emerging as an attractive
   public-key cryptosystem, in particular for mobile (i.e., wireless)
   environments.  Compared to currently prevalent cryptosystems such as
   RSA, ECC offers equivalent security with smaller key sizes.  This is
   illustrated in the following table, based on [18], which gives
   approximate comparable key sizes for symmetric- and asymmetric-key
   cryptosystems based on the best-known algorithms for attacking them.

                    Symmetric  |   ECC   |  DH/DSA/RSA
                   ------------+---------+-------------
                        80     |   163   |     1024
                       112     |   233   |     2048
                       128     |   283   |     3072
                       192     |   409   |     7680
                       256     |   571   |    15360

                  Table 1: Comparable Key Sizes (in bits)

   Smaller key sizes result in savings for power, memory, bandwidth, and
   computational cost that make ECC especially attractive for
   constrained environments.
[snip]

Not only more efficient today, ECC will probably withstand future developments in cryptanalysis better. Many crypto systems such as SSL/TLS certificates are used to protect important data for long periods of time, at least until the data has lost its value. For some information this can mean decades.

To counterbalance the projected advancements, one of the main mitigation tools used is increasing the key sizes. Alas, this cannot be done very far with RSA. Several embedded platforms such as smart cards will start failing to function rapidly as the key sizes increase. For example, RSA smart cards will typically start failing at between 3-5 kilobits. ECC algorithms will fare better on limited hardware.

FreeIPA should, to ensure longevity of the product, implement ECC as soon as possible. It is one of the major features that will in the near future start impacting product selection for CA applications.
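The key-size comparison quoted above is the kind of thing a CA administrator wants to check mechanically: given certificates issued by a CA, which comparable security strength does each key reach, and how large is the encoded public key? The following is an added example written for this page; it is not code from the ticket, FreeIPA or Dogtag. It uses only the Go standard library, takes its rows verbatim from the RFC 4492 table in the ticket (a key between two rows is rounded down to the row it meets, so per that table P-256 lands on the 112-bit row), and assumes a local policy threshold of 112 bits. The self-signed certificates it builds are constructed sample input standing in for real CA output.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// One row of RFC 4492 Table 1: comparable key sizes in bits.
type keyRow struct{ symmetric, ecc, rsa int }

// rfc4492Table reproduces the table quoted in the ticket.
var rfc4492Table = []keyRow{
	{80, 163, 1024},
	{112, 233, 2048},
	{128, 283, 3072},
	{192, 409, 7680},
	{256, 571, 15360},
}

// StrengthOf maps a public key to the comparable symmetric strength of the
// highest table row it meets (rounding down between rows) and a label.
// Keys below the weakest row, or of an unsupported type, get strength 0.
func StrengthOf(pub interface{}) (strength int, kind string) {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		bits := k.N.BitLen()
		for _, r := range rfc4492Table {
			if bits >= r.rsa {
				strength = r.symmetric
			}
		}
		return strength, fmt.Sprintf("RSA-%d", bits)
	case *ecdsa.PublicKey:
		bits := k.Curve.Params().BitSize
		for _, r := range rfc4492Table {
			if bits >= r.ecc {
				strength = r.symmetric
			}
		}
		return strength, "EC-" + k.Curve.Params().Name
	}
	return 0, "unsupported"
}

// AuditCert reports the key label, its comparable strength, the size of the
// DER-encoded SubjectPublicKeyInfo, and whether it meets minStrength.
func AuditCert(cert *x509.Certificate, minStrength int) (kind string, strength, spkiBytes int, ok bool, err error) {
	der, err := x509.MarshalPKIXPublicKey(cert.PublicKey)
	if err != nil {
		return "", 0, 0, false, err
	}
	strength, kind = StrengthOf(cert.PublicKey)
	return kind, strength, len(der), strength >= minStrength, nil
}

// selfSigned wraps a key pair in a throwaway self-signed certificate:
// constructed sample input, not something a production CA would issue.
func selfSigned(priv, pub interface{}) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "key-strength-audit (constructed)"},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewRSACert and NewECCert produce the constructed sample certificates.
func NewRSACert(bits int) (*x509.Certificate, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	return selfSigned(priv, &priv.PublicKey)
}

func NewECCert(curve elliptic.Curve) (*x509.Certificate, error) {
	priv, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err != nil {
		return nil, err
	}
	return selfSigned(priv, &priv.PublicKey)
}

func main() {
	const minStrength = 112 // assumed local policy: at least the RSA-2048 row
	rsaCert, err1 := NewRSACert(2048)
	ecCert, err2 := NewECCert(elliptic.P384())
	for _, c := range []*x509.Certificate{rsaCert, ecCert} {
		if err1 != nil || err2 != nil || c == nil {
			fmt.Println("key generation failed:", err1, err2)
			return
		}
		kind, strength, size, ok, _ := AuditCert(c, minStrength)
		fmt.Printf("%-10s strength=%3d bits  SPKI=%3d bytes  policy_ok=%v\n", kind, strength, size, ok)
	}
}
```

Running it shows the efficiency argument from the quoted text in concrete numbers: the P-384 SubjectPublicKeyInfo is a fraction of the size of the RSA-2048 one while sitting one row higher in the table. Because the check works on any parsed x509.Certificate, the same AuditCert call can be run over certificates exported from an existing CA to find keys that fall below the chosen row.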

Comment 1 Petr Vobornik 2017-10-16 11:47:30 UTC
For the upcoming months or more the FreeIPA/IdM team is focusing on stability and testability of FreeIPA/IdM and thus postponing any RFEs or non-critical bugs.

Comment 3 Petr Čech 2019-12-09 20:16:05 UTC
We are closing this RFE until upstream provides the profile for clients.