On Thu, Jan 02, 2014 at 12:59:39PM -0500, Daniel Kahn Gillmor wrote: > On 01/02/2014 12:35 PM, Dr. Stephen Henson wrote: > > That's just TLS. To add more complete support to OpenSSL including storing > > private keys in PEM files and public keys in case we ever use it in ECDH > > certificates it needs an OID and some details on how the keys are encoded. > > But ECDHE doesn't need any of these trappings, as nice as they would be > to have. The curves are known; implementations of them are known; > secret keys can be held in memory in any standard way, and public keys > can be transmitted on the wire for the key exchange as simply as > possible, without specifying PKCS encodings or SPKI or whatever. > > Getting Curve25519 (and Curve3617?) functional for ECDHE would be a > demonstrably good thing on its own, and it would be a shame for that > functionality to wait until people could finally agree on how to use > PKCS encodings and EdDSA for X.509 certificates.
I also think that ECDHE really is currently the priority, to have an alternative to the NIST P curves at least some people think are backdoored by the NSA and as result want to avoid. Most people seem want to do PFS now, but some want ECDHE for speed and the other DHE to avoid the NIST P curves. I think having something like Curve25519 could make both sides agree on using ECDHE. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
