Missing Brainpool Curve Support in X509 Libraries

[iDAKTO]

Certificates that rely on BP curves are used in certain sectors and we can't manage to parse them through the current X509 library. It would be great to have support for Brainpool curves in the X509 library.

[AlCutter]

Hi,

Thanks for your request. I think it's unlikely we'll want to do this here for a couple of reasons:

• AFAIK (although very happy to be enlightened if I'm wrong), BP doesn't really seem to be used in WebPKI (At a wild guess, would you perhaps be looking at applying transparency to in Germany?)
• These x509/asn1 packages are really just (increasingly outdated) forks of Go's stdlib packages, which we'd quite like to drop eventually.

I think your best bet would likely be to do one or both of:

• See about getting BP support added upstream in the Go stdlib (I found this thread which might be a good place to start: proposal: crypto/x509: ability to add custom curve when parsing X509 certificate golang/go#32874 )
• Fork this repo and add support there for parsing BP certs.

The other thing I wanted to mention, in case you're not already aware of it, is the ongoing experiment in the CT ecosystem with Static CT API log implementations - these promise to be considerably easier and cheaper to operate, so may be worth consideration if you're looking at spinning up new infrastructure...