Julien Vehent wrote: > Thank you Hubert from starting this discussion. I think this can be the base > for version 4 of the document. > > On 2014-10-20 08:10, Hubert Kario wrote: >> The items that probably should be changed or added: >> * curves weaker than secp256r1 - I think they shouldn't be >> enabled at all - while browsers do enable only the two or three >> NIST curves, clients that use OpenSSL enable also the rather weak >> 163 bit curve, making it possible to negotiate them (and as such >> limit the level of security to about 80 bit) > > I agree. The document currently recommends secp256r1, secp384r1 and secp521r1. > It would be good to have a more comprehensive list of curves, and have another > list of discarded curves in the "Mandatory discards" section. The problem is > being able to specify these curves in configurations, which isn't widely > supported in servers.
This sounds very similar to the discussions on the IETF UTA mailing list. https://datatracker.ietf.org/doc/draft-ietf-uta-tls-bcp/ Ciao, Michael. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
