----- Original Message -----

> On Mon, Nov 25, 2013 at 10:47:42PM +0000, Igor Galić wrote:
> >
> > Every curve that comes from J. A. Solinas I would declare on the simple
> > basis that they work for the NSA as untrustworthy, no matter whether
> > these constants are good or bad or NIST recommended and in an RFC, simply
> > for having all together produced and standardized DUAL_EC_DRBG.
> >
> > Frankly, I think we should prepare the code, but wait out the storm as
> > to which algorithms to choose.
>
> But can the server dictate any other curves than what the browsers
> support? As far as I understand, NIST P-256 and P-384 are the only
> curves widely supported by browsers..
>
> http://security.stackexchange.com/questions/31772/what-elliptic-curves-are-supported-by-browsers
> http://security.stackexchange.com/questions/42088/can-custom-elliptic-curves-be-used-in-common-tls-implementations
> http://www.carbonwind.net/blog/post/A-quick-look-over-some-browsers-and-their-SSLTLS-implementations.aspx
>
> plus I suspect curve25519 might soon be available in chrome, and others
> might follow:
>
> http://www.ietf.org/mail-archive/web/tls/current/msg05852.html
> (interesting thread, and it casts some doubt as to whether the NIST curves can
> be backdoored..)

With my tin-foil hat on, I'd like to say that it doesn't matter whether they technically can or cannot be backdoored. It is still questionable. The trust in NIST and the standardization process is broken. That trust needs to be rebuilt.

> -jf

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: [email protected]
URL: http://brainsware.org/
GPG: 8716 7A9F 989B ABD5 100F 4008 F266 55D6 2998 1641
