>> (I've been through C&A's where matching security levels were examined). > > An auditor who believes that we can rigourously quantify the security > of these curves precisely enough to say which is stronger or more > closely "matches" AES-256, should be laughed out of the room and fired. > Maybe so, but it is what it is. The IETF is probably not going to be able to change it.
Jeff _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
