On Wed, Jul 15, 2015 at 6:42 PM, Rene Struik <rstruik....@gmail.com> wrote:
> Dear colleagues: > > It seems prudent to keep some diversity of the gene pool and not only have > curves defined over prime curves. Similarly, one should perhaps have some > diversity of gene pool criteria within the set of recommend curves and not > only include special primes. Should some problem with a particular subclass > show up over time, one then at least has other classes available. I just responded to Dan Brown with this, but it applies here as well: ---------- Forwarded message ---------- From: Tony Arcieri <basc...@gmail.com> Date: Wed, Jul 15, 2015 at 6:46 PM Subject: Re: [TLS] sect571r1 To: Dan Brown <dbr...@certicom.com> Cc: Martin Rex <m...@sap.com>, "<tls@ietf.org>" <tls@ietf.org> On Wed, Jul 15, 2015 at 6:42 PM, Dan Brown <dbr...@certicom.com> wrote: > Even so, there's an argument from Koblitz and Menezes that special curves > (e.g. binary curves) may survive some wider collapse. I think it's a weak > argument, but for those for whom supporting more curves is easy, it could > justify supporting a diversity of curves. Others are pushing FFDHE in the event of some ECC disaster. I'm not really a fan of that either (all these things add attack surface in addition to being "backups"), but if we're going to keep a little used thing around in our pocket just in case of an ECC disaster, why do we need backup curves in addition to FFDHE? -- Tony Arcieri
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
