On 8/10/2017 9:44 AM, Adam Petcher wrote:
Does anyone know of a particular use case (that we haven't discuss already) that would require a provider to support arbitrary curves? Any other arguments for or against this feature?
There are uses for changing out the base point. PAKE and SPAKE use similar math (e.g. G^s*sharedSecret is the equivalent of a new base point).
There are uses for private curves - e.g. when you want to actually be sure that the curve was randomly generated (sort of the same argument that got us to Curve25519 in the first place).
There are the whole set of Edwards curves that are mostly not included in any provider (except possible Microsoft's) as of yet.
Basically, you're trying to argue that there are no better curves (for the 'new' math) than have already been specified and there never will be. I think that's a very shortsighted argument.
Later, Mike
