Re: Disabling all uses of elliptical curves

2016-05-11 Thread Martin Thomson
On Wed, May 11, 2016 at 11:08 PM, Hubert Kario wrote: > I haven't tested it, but I don't think that will stop NSS trusting RSA > certificates signed by ECC CAs. There are plenty of things that NSS will still do with ECC if you disable ECC cipher suites. That's for sure. If you are scared of ECC

Re: Cipher suits, signature algorithms, curves in Firefox

2016-05-11 Thread Hubert Kario
On Friday 06 May 2016 10:34:37 Zoogtfyz wrote: > > the larger key size helps w.r.t. quantum computers. > > If quantum computers are currently on the level of breaking AES-128, > then they are on the level of breaking any asymmetric cryptography > (RSA, DHE or ECDHE key exchange) we are using - whi

Re: Disabling all uses of elliptical curves

2016-05-11 Thread Hubert Kario
On Saturday 30 April 2016 09:05:27 Martin Thomson wrote: > At the TLS layer, you can disable all suites that require ECC. I haven't tested it, but I don't think that will stop NSS trusting RSA certificates signed by ECC CAs. > On Sat, Apr 30, 2016 at 4:40 AM, Franziskus Kiefer wrote: > > ther