On 05/07/17 11:40, Arkadiusz Ławniczak wrote:
> As CERTUM, we are not aware of any implementations which do not
> support P-521 (with the exception of BoringSSL where P-512 is
> disabled but not unsupported).

Yes, but that means that whenever Chrome uses BoringSSL, your roots won't work, right? Is that not a problem for you?

>> From a cryptosystem security point of view - especially rootCA and
>> ARL - P384 to P521 is like "day to night". This is particularly
>> important for crypto-systems to be safe for decades.

As noted in my previous message, you need to provide some backup for that assertion.

> The key is: "or higher". The thing is the vendors'/browsers' policies
> should be consistent with the functioning of the market and therefore
> we believe that removing P-521 from Mozilla Policy was not a good
> thing.

"The market" is overwhelmingly not using P-521, according to the statistics quoted in this discussion. If we allow it and it starts being used, every web client SSL implementation will need to carry this algorithm for the foreseeable future. Given that there are other new, probably-better curves and algorithms coming down the pipe, it seems unwise to pad out the compulsory set with yet more variants on the same thing.

So pending a very good argument why P-521 provides something that neither the existing algorithms nor the new class of pending algorithms can provide, I think we will leave the policy as-is.

Gerv