On Tue, Jun 27, 2017 at 1:49 PM, Tom . wrote: > On 27 June 2017 at 11:44, Alex Gaynor wrote: > > I'll take the opposite side: let's disallow it before it's use expands > :-) > > But is that what we're talking about? I didn't think the question was > "Should we remove P-521 code from NSS" it's "Should we permit CAs to > use P-521?" >
Note: Forbidding P-521 by policy likely wouldn't prompt us to disable or remove any code from NSS in any quick fashion; that curve is one of those exported to WebCrypto, and we'd need to be sure we weren't breaking things by pulling it from there. Given the low usage of ECDH/ECDSA and the lack of compatibility in Chrome, probably not, but we'd want to at least check. -J.C. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy