Joe St. Sauver raised a concern about P-256:
Also in 4.2.1, NIST P-256 (secp256r1) is called out for
interoperability purposes. I get the intent, but I have concerns
given the analysis reported near the bottom of
http://safecurves.cr.yp.to/ for that (and related) curves.
The sense of the authors is that we don't know enough to move away from
P-256 at this time, and that if evidence emerges for a better candidate
then this recommendation could be modified in a BCP that replaces this
document.
Naturally, if WG participants have concerns and we can settle on a
better recommendation now, then the authors will incorporate the results
of working group consensus.
Peter
--
Peter Saint-Andre
CTO @ &yet
https://andyet.com/
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
