Re: [FORGED] Re: Other Curves

Ryan Sleevi writes: >Current (and presently proposed) Mozilla policy does not allow them. Nor are >they supported in Mozilla NSS anymore (and their previous support was not one >you should use for security-critical purposes). Nor are they supported in >other UAs. I should point

Re: Other Curves

boeck.de>; r...@sleevi.com; > mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Other Curves > > > > Unfortunately, despite the Bitcoin community's enthusiasm, secp256k1 has very > bad side-channel properties: > > https://eprint.iacr.org/2014/161.pdf > https://

Re: Other Curves

emy.row...@digicert.com> > *Cc:* Hanno Böck <ha...@hboeck.de>; r...@sleevi.com; > mozilla-dev-security-pol...@lists.mozilla.org > *Subject:* Re: Other Curves > > > > Unfortunately, despite the Bitcoin community's enthusiasm, secp256k1 has > very b

RE: Other Curves

ck.de>; r...@sleevi.com; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Other Curves Unfortunately, despite the Bitcoin community's enthusiasm, secp256k1 has very bad side-channel properties: https://eprint.iacr.org/2014/161.pdf https://bugzilla.mozilla.org/show_bug.cgi?id=1051

Re: Other Curves

On Wed, Feb 01, 2017 at 11:51:48PM +0100, Hanno Böck wrote: > On Wed, 1 Feb 2017 22:38:54 + > Jeremy Rowley wrote: > > > Some of these curves are considered much better than the NIST curves > > (well, that’s what I’ve read anyway). > > Overall they have mostly

Re: Other Curves

essage- > From: Hanno Böck [mailto:ha...@hboeck.de] > Sent: Wednesday, February 1, 2017 3:52 PM > To: Jeremy Rowley <jeremy.row...@digicert.com> > Cc: r...@sleevi.com; mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Other Curves > > On Wed, 1 Feb 20

RE: Other Curves

ty-pol...@lists.mozilla.org Subject: Re: Other Curves On Wed, 1 Feb 2017 22:38:54 + Jeremy Rowley <jeremy.row...@digicert.com> wrote: > Some of these curves are considered much better than the NIST curves > (well, that’s what I’ve read anyway). Overall they have mostly the same weaknesses th

RE: Other Curves

...@hboeck.de] Sent: Wednesday, February 1, 2017 3:52 PM To: Jeremy Rowley <jeremy.row...@digicert.com> Cc: r...@sleevi.com; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Other Curves On Wed, 1 Feb 2017 22:38:54 + Jeremy Rowley <jeremy.row...@digicert.com> wr

Re: Other Curves

On Wed, 1 Feb 2017 22:38:54 + Jeremy Rowley wrote: > Some of these curves are considered much better than the NIST curves > (well, that’s what I’ve read anyway). Overall they have mostly the same weaknesses than the NIST curves. There are differences in detail,

RE: Other Curves

row...@digicert.com> Cc: r...@sleevi.com; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Other Curves On Wed, Feb 1, 2017 at 2:38 PM, Jeremy Rowley <jeremy.row...@digicert.com <mailto:jeremy.row...@digicert.com> > wrote: Some of these curves are considered much be

Re: Other Curves

On Wed, Feb 1, 2017 at 2:38 PM, Jeremy Rowley wrote: > Some of these curves are considered much better than the NIST curves > (well, that’s what I’ve read anyway). With how many new curves there are > (many with an international flavor), it’d be nice if Mozilla

RE: Other Curves

in RFCs, HSMs, and in applications. From: Ryan Sleevi [mailto:r...@sleevi.com] Sent: Wednesday, February 1, 2017 3:34 PM To: Jeremy Rowley <jeremy.row...@digicert.com> Cc: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Other Curves That seems altogether a bad idea for the eco

RE: Other Curves

ty-pol...@lists.mozilla.org Subject: Re: Other Curves Do you mean for signing by the CA, or as the key in the EE cert? On Wed, Feb 1, 2017 at 2:26 PM, Jeremy Rowley <jeremy.row...@digicert.com <mailto:jeremy.row...@digicert.com> > wrote: I know the use of other ECC curves comes up often, but

Re: Other Curves

That seems altogether a bad idea for the ecosystem. Current (and presently proposed) Mozilla policy does not allow them. Nor are they supported in Mozilla NSS anymore (and their previous support was not one you should use for security-critical purposes). Nor are they supported in other UAs. I'm

Re: Other Curves

Do you mean for signing by the CA, or as the key in the EE cert? On Wed, Feb 1, 2017 at 2:26 PM, Jeremy Rowley wrote: > I know the use of other ECC curves comes up often, but I couldn't recall > where Mozilla landed on using other ECC curves. Requests for secp256k1