On Thu, Aug 07, 2014 at 12:32:52PM +0300, Yaron Sheffer wrote: > > But I guess we jumped the gun by recommending Brainpool as the primary > curve. I would like to remove this recommendation, and retain the NIST curve > - which is all we have now. What do you think?
The problem with Brainpool is that they use randomly generated primes, which means terrible performance (NIST/NSA[1] at least tried to make something that is efficient, even if in the end it turned out not to be even near optimal). The practical consequence is that Brainpool is not used in practice, and since TLS only properly supports NIST/NSA and Brainpool, NIST/NSA it is. This situation isn't expected to change before CFRG recomendations come out (which we are apparently not going to wait for). [1] Generating those curves is credited to NSA. -Ilari _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
