That’s a pretty vague argument against adding some curves. With that logic, we’d never have moved away from MD5 hash as moving away would have disrupted the ecosystem…
From: Ryan Sleevi [mailto:r...@sleevi.com] Sent: Wednesday, February 1, 2017 3:46 PM To: Jeremy Rowley <jeremy.row...@digicert.com> Cc: r...@sleevi.com; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Other Curves On Wed, Feb 1, 2017 at 2:38 PM, Jeremy Rowley <jeremy.row...@digicert.com <mailto:jeremy.row...@digicert.com> > wrote: Some of these curves are considered much better than the NIST curves (well, that’s what I’ve read anyway). With how many new curves there are (many with an international flavor), it’d be nice if Mozilla considered some of the new curves and added them if appropriate. Brainpool is supported in RFCs, HSMs, and in applications. That's more of a compelling argument against than for; similar to the discussions for algorithms like SM2 or IDEA or Camellia in TLS. As Adam Langley eloquently captured in https://bugs.chromium.org/p/chromium/issues/detail?id=442572#c5 "Cipher suites are not like Pokémon: the aim isn't to enable every single one." The same applies to curves The question inevitably is not necessarily one about enforcing Mozilla's view of curve strength (or of Google's), but one of considering the ecosystem and security impact to their users by promoting/allowing such things.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
