On Wed, Jul 5, 2017 at 7:51 AM, Gervase Markham via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> I agree crypto algorithms are not "gotta catch 'em all", but the
> algorithm is ECDH, which NSS must implement anyway to support P-256 and
> P-384, and a curve is just another set of parameters to it. I also think
> that there is little value and there is potential confusion (as we have
> seen) in Mozilla mandating a more restrictive set than the BRs and than
> Microsoft:
>

Is it really true that additional curves are just additional parameters? I haven't gone source-diving in NSS recently, but my understanding is that most crypto libraries provide optimized assembly routines for scalar multiplication on a per-curve basis -- OpenSSL appears to have over 10,000 lines of assembly-generating-perl for P256 alone (https://github.com/openssl/openssl/tree/master/crypto/ec/asm).

Alex