Re: NSS patch for TLS timing attack on elliptic curve cyrptography
On Fri, Sep 23, 2011 at 2:02 PM, Douglas Stebila doug...@stebila.ca wrote: Perhaps someone will take a look at this forlorn bug and patch? https://bugzilla.mozilla.org/show_bug.cgi?id=660394 Yes, I can take a look at the patch. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: NSS patch for TLS timing attack on elliptic curve cyrptography
Douglas Stebila wrote: The same attack applies to NSS. A while back I submitted a bug and patch for NSS, but it has been languishing in Bugzilla without any attention. While the use of ECC in deployed TLS environments is quite low, it's still probably a good idea to get the code patched. Perhaps someone will take a look at this forlorn bug and patch? I do not think any NSS-based products from any of the NSS maintainers enable binary ECC. That is one of the main factors why the bug isn't getting any attention. Should we just remove all the non-suite-B ECC support, since it isn't being maintained? - Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto