On Tue, Jul 21, 2015 at 7:20 PM, Ilari Liusvaara <ilari.liusva...@elisanet.fi> wrote:

> On Tue, Jul 21, 2015 at 11:30:15AM -0400, Dave Garrett wrote:
> > On Tuesday, July 21, 2015 10:47:05 am Ilari Liusvaara wrote:
> > > I thought that Brainpool curves weren't removed (even if those aren't
> > > explicitly in), which are random prime curves.
> > >
> > > Also, the security of binary curves seems quite questionable.
> >
> > Brainpool curves aren't in the TLS 1.3 draft, but they're not prohibited
> > either.
> >
> > If there's no strong objection, I'd like to add them to the list, if
> > just to document the current NamedGroup registry. I could add a
> > recommendation to stick to standards track, for those worrying about
> > them.
>
> Related: There's the following draft: draft-iab-crypto-alg-agility
> (currently in IETF LC) which contains the following:
>
> 3.4 National Cipher Suites
>
> "The default server or
> responder configuration SHOULD disable such algorithms; in this way,
> explicit action by the system administrator is needed to enable them
> where they are actually required."
>
> While the thing is about cipher suites, it also goes for curves.
>
> Also, Brainpool is much slower than the special prime stuff,
> so I think the defaults should be high-performance where it is
> not known to hurt security.
>
>
> This could also be applied to some actual ciphersuite stuff, namely
> ARIA and CAMELLIA (there doesn't seem to be any usable SEED ciphers).

I would be comfortable with taking a hard look at these.

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls