Re: xmlsec / ECDSA problem

On Thu, Feb 16, 2017 at 4:22 AM, Gervase Markham wrote: > Did things break when we disabled it? A few things. It lasted less than a day in Nightly before we got multiple bug reports. > Do we know why Chrome decided not to support it? Two NIST curves is enough? That's my

Re: xmlsec / ECDSA problem

On 15/02/17 17:17, Martin Thomson wrote: > Sure. Both NSS and Firefox support P-521. We still accept TLS > handshakes that use it (for both key exchange and signing). I believe > that it is also supported in webcrypto. > > I believe that Chrome doesn't support P-521 in TLS. We tried to >

Re: xmlsec / ECDSA problem

On Thu, Feb 16, 2017 at 3:44 AM, Gervase Markham wrote: > There seemed to be some confusion recently in m.d.s.policy about whether > NSS, and then Firefox, supported P-521 for server auth certs. Can > someeone clear it up for me and tell me what the situation is? :-) Sure.

Re: xmlsec / ECDSA problem

On Wed, Feb 15, 2017 at 7:59 PM, Miklos Vajna wrote: > To avoid solving multiple problems at once, probably I'll go for an > other ECDSA testcase first where the parameter is supported by NSS. :-) The best supported curve is P-256 (i.e., secp256r1), but P-384 (secp384r1) and