I'll take the opposite side: let's disallow it before its use expands :-)
P-521 isn't great, and there's really no value in proliferation of crypto
algorithms, as someone told me: "Ciphersuites aren't pokemon, you shouldn't
try to catch 'em all". There are no real use cases P-521 enables, and not
supporting it means one less piece of code to drag around as we move
towards better curves/signature algorithms like Ed25519 and co.

Alex

On Tue, Jun 27, 2017 at 2:40 PM, Kurt Roeckx via dev-security-policy <
[email protected]> wrote:

> On Tue, Jun 27, 2017 at 10:41:49AM -0700, Gervase Markham wrote:
> > On 27/06/17 07:17, Kurt Roeckx wrote:
> > > I suggest you keep it for now.
> >
> > An opinion without a rationale is not all that useful :-)
>
> A lot of software supports it, including NSS / Firefox. It's not
> an ideal curve, and it should get replaced, but it's currently
> better to have it than not.
>
> I currently only count 222 certificates using P-521 that chain to
> the Mozilla root store, and I guess some of those would fall back
> to RSA.
>
> I see no reason to say that they shouldn't be used at this time.
>
>
> Kurt
>
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy
>