On 12/6/14, 7:42 PM, Watson Ladd wrote:

On Sat, Dec 6, 2014 at 6:20 PM, Peter Saint-Andre - &yet <[email protected]> wrote:

Joe St. Sauver raised a concern about P-256:

    Also in 4.2.1, NIST P-256 (secp256r1) is called out for
    interoperability purposes. I get the intent, but I have concerns
    given the analysis reported near the bottom of
    http://safecurves.cr.yp.to/ for that (and related) curves.

The sense of the authors is that we don't know enough to move away from
P-256 at this time, and that if evidence emerges for a better candidate then
this recommendation could be modified in a BCP that replaces this document.

The problem is that there is no alternative with acceptable
performance that fixes the issues, that is widely deployed. Even if we
had a better alternative today, interop would still make P256 the
easiest choice, and the tyranny of the install base continues.

Of course, then one has to deal with updating all the software out there.

Naturally, if WG participants have concerns and we can settle on a better
recommendation now, then the authors will incorporate the results of working
group consensus.

Can we just get this draft out the door?

You can be sure the authors desire that more fervently than anyone.
However we are trying to do that without ignoring legitimate concerns.
We are pushing to submit a revised I-D addressing all WGLC feedback as
soon as possible.

Peter

--
Peter Saint-Andre
CTO @ &yet
https://andyet.com/
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta