As Watson says, the NIST curves are what we have. They are relatively slow and difficult to implement correctly, but they work well enough today and are best common practice. We will have other options in the future and when they are broadly deployed the document can be changed.
On Saturday, December 6, 2014, Peter Saint-Andre - &yet <[email protected]> wrote: > On 12/6/14, 7:42 PM, Watson Ladd wrote: > >> On Sat, Dec 6, 2014 at 6:20 PM, Peter Saint-Andre - &yet >> <[email protected]> wrote: >> >>> Joe St. Sauver raised a concern about P-256: >>> >>> Also in 4.2.1, NIST P-256 (secp256r1) is called out for >>> interoperability purposes. I get the intent, but I have concerns >>> given the analysis reported near the bottom of >>> http://safecurves.cr.yp.to/ for that (and related) curves. >>> >>> The sense of the authors is that we don't know enough to move away from >>> P-256 at this time, and that if evidence emerges for a better candidate >>> then >>> this recommendation could be modified in a BCP that replaces this >>> document. >>> >> >> The problem is that there is no alternative with acceptable >> performance that fixes the issues, that is widely deployed. Even if we >> had a better alternative today, interop would still make P256 the >> easiest choice, and the tyranny of the install base continues. >> >> Of course, then one has to deal with updating all the software out there. >> >>> >>> Naturally, if WG participants have concerns and we can settle on a better >>> recommendation now, then the authors will incorporate the results of >>> working >>> group consensus. >>> >> >> Can we just get this draft out the door? >> > > You can be sure the authors desire that more fervently than anyone. > However we are trying to do that without ignoring legitimate concerns. We > are pushing to submit a revised I-D addressing all WGLC feedback as soon as > possible. > > Peter > > -- > Peter Saint-Andre > CTO @ &yet > https://andyet.com/ > > _______________________________________________ > Uta mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/uta >
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
