Re: Other ECC Curves
Le mercredi 11 juin 2014 11:58:24 UTC+2, cod3 ang3l a écrit : On Tue, 2014-06-10 at 18:47 +0200, Kurt Roeckx wrote: I would also like to see Ed25519, but there is no standard on how to do that yet. I added patch for Curve25519 to https://bugzilla.mozilla.org/show_bug.cgi?id=957105 Is patch good? This patch is only valid for key exchange (ECDH), while Rick's email is about certificate signing (ECDSA). Curve25519, and probably other Bernstein's curves, can't be used with ECDSA (EdDSA must be used, a different algo). Rick, if you want to support other curves (Brainpool?), you should also propose a ballot for this at CABF. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Other ECC Curves
On Monday, June 9, 2014 4:27:56 PM UTC-7, Rick Andrews wrote: AFAIK, Symantec and other CAs have added ECC roots to Mozilla's root store using NIST curves. Are any other ECC curves supported by Mozilla, in case one wanted to use a different curve? Is the list of supported algorithms and key sizes published somewhere? Sorry about the double-post; I got an error the first time so I decided to retry. There's an active conversation in the TLS Working Group of the IETF on ECC curves: http://www.ietf.org/mail-archive/web/tls/current/msg12761.html -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Other ECC Curves
AFAIK, Symantec and other CAs have added ECC roots to Mozilla's root store using NIST curves. If a CA wanted to add a root using a different curve, we would need to know what other curves were supported by Mozilla. Is this info published anywhere? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Other ECC Curves
On 06/10/2014 09:47 AM, Kurt Roeckx wrote: On Mon, Jun 09, 2014 at 04:27:56PM -0700, Rick Andrews wrote: AFAIK, Symantec and other CAs have added ECC roots to Mozilla's root store using NIST curves. Are any other ECC curves supported by Mozilla, in case one wanted to use a different curve? Is the list of supported algorithms and key sizes published somewhere? As far as I know NSS currently only supports P256, P384 and P521. More exactly NSS can support the initial TLS suite of curves, but almost all users (including mozilla and redhat) of NSS just compile the above 3 NIST curves. I would like to add brainpool to that, which should be easy. I would also like to see Ed25519, but there is no standard on how to do that yet. Adding support for any curve within NSS should be relatively straightforward. Convincing particular entities to ship with other curves enable is another matter. bob Kurt smime.p7s Description: S/MIME Cryptographic Signature -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto