On Wed, Feb 15, 2017 at 9:22 AM, Gervase Markham wrote:
> On 15/02/17 17:17, Martin Thomson wrote:
>> Sure. Both NSS and Firefox support P-521. We still accept TLS
>> handshakes that use it (for both key exchange and signing). I believe
>> that it is also supported in
On Sat, Feb 18, 2017 at 8:59 AM, Jeremy Rowley
wrote:
> It's still permitted in the policy.
>
> https://www.mozilla.org/en-US/about/governance/policies/security-group/certs
> /policy/#inclusion
Yes, well... The policy says P-512, which doesn't actually exist.
The
Thomson
Sent: Wednesday, February 15, 2017 5:06 PM
To: mozilla's crypto code discussion list
<dev-tech-crypto@lists.mozilla.org>
Cc: mozilla-dev-tech-crypto <mozilla-dev-tech-cry...@lists.mozilla.org>
Subject: Re: xmlsec / ECDSA problem
On Thu, Feb 16, 2017 at 4:22 AM, Gervas
On Thu, Feb 16, 2017 at 4:22 AM, Gervase Markham wrote:
> Did things break when we disabled it?
A few things. It lasted less than a day in Nightly before we got
multiple bug reports.
> Do we know why Chrome decided not to support it? Two NIST curves is enough?
That's my
On 15/02/17 17:17, Martin Thomson wrote:
> Sure. Both NSS and Firefox support P-521. We still accept TLS
> handshakes that use it (for both key exchange and signing). I believe
> that it is also supported in webcrypto.
>
> I believe that Chrome doesn't support P-521 in TLS. We tried to
>
On Thu, Feb 16, 2017 at 3:44 AM, Gervase Markham wrote:
> There seemed to be some confusion recently in m.d.s.policy about whether
> NSS, and then Firefox, supported P-521 for server auth certs. Can
> someeone clear it up for me and tell me what the situation is? :-)
Sure.
On Wed, Feb 15, 2017 at 7:59 PM, Miklos Vajna wrote:
> To avoid solving multiple problems at once, probably I'll go for an
> other ECDSA testcase first where the parameter is supported by NSS. :-)
The best supported curve is P-256 (i.e., secp256r1), but P-384
(secp384r1) and
7 matches
Mail list logo