On Wed, Feb 15, 2017 at 9:22 AM, Gervase Markham <g...@mozilla.org> wrote: > On 15/02/17 17:17, Martin Thomson wrote: >> Sure. Both NSS and Firefox support P-521. We still accept TLS >> handshakes that use it (for both key exchange and signing). I believe >> that it is also supported in webcrypto. >> >> I believe that Chrome doesn't support P-521 in TLS. We tried to >> follow them, but only briefly. > > Did things break when we disabled it? > > Do we know why Chrome decided not to support it? Two NIST curves is enough?
I don't have any knowledge of why Chrome decided to only support P-256 and P-384. I do know that P-256 and P-384 were the only two curves included in the US NSA's "Suite B" specification and that the NSA did offer an Elliptic Curve Cryptography (ECC) Patent License Agreement (PLA) [http://web.archive.org/web/20130308064650/http://www.nsa.gov/business/programs/quick_facts.shtml] at no charge for certain products. It is possible that an implementer of Elliptic Curve cryptography might want have decided to only implement curves included specifications that are presumably covered by no charge patent license agreements. Thanks, Peter -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto