Works for me. Any idea on when Mozilla is planning to permit Curve25519 and Curve448? I’d like to plan for that date.
From: Richard Barnes [mailto:rbar...@mozilla.com]
Sent: Wednesday, February 1, 2017 4:04 PM
To: Jeremy Rowley <jeremy.row...@digicert.com>
Cc: Hanno Böck <ha...@hboeck.de>; r...@sleevi.com; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Other Curves

Unfortunately, despite the Bitcoin community's enthusiasm, secp256k1 has very bad side-channel properties:
https://eprint.iacr.org/2014/161.pdf
https://bugzilla.mozilla.org/show_bug.cgi?id=1051509

Overall, I agree with Ryan that proliferation in this space is to be avoided. I expect that the only real non-NIST algorithm we will expect to support in the near term is EdDSA.

--Richard

On Wed, Feb 1, 2017 at 2:58 PM, Jeremy Rowley <jeremy.row...@digicert.com> wrote:

I think I should mention that I suggested secp256k1 for blockchain reasons...

-----Original Message-----
From: Hanno Böck [mailto:ha...@hboeck.de]
Sent: Wednesday, February 1, 2017 3:52 PM
To: Jeremy Rowley <jeremy.row...@digicert.com>
Cc: r...@sleevi.com; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Other Curves

On Wed, 1 Feb 2017 22:38:54 +0000 Jeremy Rowley <jeremy.row...@digicert.com> wrote:
> Some of these curves are considered much better than the NIST curves
> (well, that’s what I’ve read anyway).

Overall they have mostly the same weaknesses as the NIST curves. There are differences in detail, but it really doesn't justify introducing a lot of variety in the ecosystem. But I have a pretty good idea where that hearsay comes from, and I'm pretty sure it has little to do with security.

The modern curves like Curve25519 and Curve448 avoid many of the security pitfalls of older curves. If you want more secure curves, look at them and push standards forward so they can be used within X.509.
--
Hanno Böck
https://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy