On 27 June 2017 at 11:44, Alex Gaynor via dev-security-policy <[email protected]> wrote:
> I'll take the opposite side: let's disallow it before its use expands :-)
> P-521 isn't great, and there's really no value in proliferation of crypto
> algorithms, as someone told me: "Ciphersuites aren't pokemon, you shouldn't
> try to catch 'em all". There's no real use cases P-521 enables, and not
> supporting it means one less piece of code to drag around as we move
> towards better curves/signature algorithms like Ed25519 and co.

But is that what we're talking about? I didn't think the question was "Should we remove P-521 code from NSS"; it's "Should we permit CAs to use P-521?" Limiting the policy to restrict P-521 would probably not affect the code at all - a self-signed cert that uses it will still trigger the code most likely (unless we were particularly clever about not hitting those code paths until after the user trusted a self-signed cert.)

-tom

