Re: xmlsec / ECDSA problem

[Peter Bowen]

On Wed, Feb 15, 2017 at 9:22 AM, Gervase Markham  wrote:
> On 15/02/17 17:17, Martin Thomson wrote:
>> Sure.  Both NSS and Firefox support P-521.  We still accept TLS
>> handshakes that use it (for both key exchange and signing).  I believe
>> that it is also supported in webcrypto.
>>
>> I believe that Chrome doesn't support P-521 in TLS.  We tried to
>> follow them, but only briefly.
>
> Did things break when we disabled it?
>
> Do we know why Chrome decided not to support it? Two NIST curves is enough?

I don't have any knowledge of why Chrome decided to only support P-256
and P-384.

I do know that P-256 and P-384 were the only two curves included in
the US NSA's "Suite B" specification and that the NSA did offer an
Elliptic Curve Cryptography (ECC) Patent License Agreement (PLA)
[http://web.archive.org/web/20130308064650/http://www.nsa.gov/business/programs/quick_facts.shtml]
at no charge for certain products.

It is possible that an implementer of Elliptic Curve cryptography
might want have decided to only implement curves included
specifications that are presumably covered by no charge patent license
agreements.

Thanks,
Peter
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Builtin root ACs

[Abdelhak Brrem]

I have a question if i may ask it, it's about the nssckbi.dll file that stores 
Builtin root ACs, how can i list these certificates ?, The Certutile tool works 
only for the certificates stored in the cert8.db file.
do you have any leads on this ?.

Thank you.
B.Abdelhak
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto