Re: xmlsec / ECDSA problem
On Thu, Feb 16, 2017 at 4:22 AM, Gervase Markhamwrote: > Did things break when we disabled it? A few things. It lasted less than a day in Nightly before we got multiple bug reports. > Do we know why Chrome decided not to support it? Two NIST curves is enough? That's my understanding. P-521 isn't busted, it's just a little inefficient and not enough stronger than P-384 (or X448) that it is worth keeping around when faced with a working quantum computer. That and the fact that more options is more code to carry, more options to signal, and so forth. I think that's the reasoning. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: xmlsec / ECDSA problem
On 15/02/17 17:17, Martin Thomson wrote: > Sure. Both NSS and Firefox support P-521. We still accept TLS > handshakes that use it (for both key exchange and signing). I believe > that it is also supported in webcrypto. > > I believe that Chrome doesn't support P-521 in TLS. We tried to > follow them, but only briefly. Did things break when we disabled it? Do we know why Chrome decided not to support it? Two NIST curves is enough? Gerv -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: xmlsec / ECDSA problem
On Thu, Feb 16, 2017 at 3:44 AM, Gervase Markhamwrote: > There seemed to be some confusion recently in m.d.s.policy about whether > NSS, and then Firefox, supported P-521 for server auth certs. Can > someeone clear it up for me and tell me what the situation is? :-) Sure. Both NSS and Firefox support P-521. We still accept TLS handshakes that use it (for both key exchange and signing). I believe that it is also supported in webcrypto. I believe that Chrome doesn't support P-521 in TLS. We tried to follow them, but only briefly. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: xmlsec / ECDSA problem
On Wed, Feb 15, 2017 at 7:59 PM, Miklos Vajnawrote: > To avoid solving multiple problems at once, probably I'll go for an > other ECDSA testcase first where the parameter is supported by NSS. :-) The best supported curve is P-256 (i.e., secp256r1), but P-384 (secp384r1) and P-521 (secp521r1) are also well supported. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto