On Wed, 1 Feb 2017 22:38:54 +0000 Jeremy Rowley <jeremy.row...@digicert.com> wrote:
> Some of these curves are considered much better than the NIST curves > (well, that’s what I’ve read anyway). Overall they have mostly the same weaknesses than the NIST curves. There are differences in detail, but it really doesn't justify introducing a lot of variety in the ecosystem. But I have a pretty good idea where that hearsay comes from, and I'm pretty sure it has little to do with security. The modern curves like Curve25519 and Curve448 avoid many of the security pitfalls of older curves. If you want more secure curves look at them and push standards forward so they can be used within X.509. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
