On Tue, 4 Jun 2024 at 09:22, John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> wrote:
>
> D. J. Bernstein wrote:
>
> >Again, I understand that certificates haven't upgraded to allowing Ed25519
> >yet;
>
> The WebPKI forbids EdDSA and my understanding is that TLS library support is
> lacking [1], but otherwise I don't think there are any problems with using
> EdDSA certificates [2] in general. Ericsson is planning to start using
> EdDSA+PQC hybrids soon. For new systems I think X25519, EdDSA, and SHAKE are
> superior to P-256, ECDSA, and SHA-2. For existing systems it does not make
> much sense to update, especially as most systems need to move to PQC
> signatures soon.
>
> [1] https://github.com/netty/netty/issues/10916
>
> [2] https://datatracker.ietf.org/doc/html/rfc8410
>

Thanks.

> Loganaden Velvindron wrote:
>
> >My personal view is that it's important to have at least one "independent"
> >curve like X25519
>
> I am very positive to using X25519 as I think it has better properties than
> P-256. I am strongly against the idea that TLS needs an "independent" curve.
> I think the idea that P-256 is backdoored is conspiracy theory nonsense.
>

Hi John,

Who is claiming that P-256 has a backdoor?

> I really like Filippo Valsorda’s challenge to recover the seeds. I think NSA
> should take on the challenge and give the bounty to charity. They have the
> capability to win and they should have an interest in increasing trust in the
> P-curves.
>
> https://words.filippo.io/dispatches/seeds-bounty/
>

Thanks for sharing.

> Cheers,
>
> John Preuß Mattsson
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org