On Mon, Nov 25, 2013 at 10:47:42PM +0000, Igor Galić wrote:
> 
> Every curve that comes from J. A. Solinas I would declare on the simple
> basis that they work for the NSA as untrustworthy, no matter whether
> these constants are good or bad or NIST recommended and in an RFC simply
> for having all together produced and standardized DUAL_EC_DRBG.
> 
> Frankly, I think we should prepare the code, but wait out the storm as
> to which algorithms to choose.

But can the server dictate any other curves than what the browsers
support? As far as I understand NIST P-256 and P-384 are the only
curves widely supported by browsers..

        http://security.stackexchange.com/questions/31772/what-elliptic-curves-are-supported-by-browsers
        http://security.stackexchange.com/questions/42088/can-custom-elliptic-curves-be-used-in-common-tls-implementations
        http://www.carbonwind.net/blog/post/A-quick-look-over-some-browsers-and-their-SSLTLS-implementations.aspx

plus I suspect curve25519 might soon be available in Chrome, and others
might follow:

        http://www.ietf.org/mail-archive/web/tls/current/msg05852.html
        (interesting thread, and it casts some doubt on whether the NIST
        curves can be backdoored..)


  -jf
