trafficserver-users mailing list archives

From Jan-Frode Myklebust <janfr...@tanso.net>
Subject Re: Forward Secrecy ?
Date Mon, 25 Nov 2013 23:26:51 GMT
On Mon, Nov 25, 2013 at 10:47:42PM +0000, Igor Galić wrote:
> 
> Every curve that comes from J. A. Solinas I would declare on the simple
> basis that they work for the NSA as untrustworthy, no matter whether
> these constants are good or bad or NIST recommended and in an RFC simply
> for having all together produced and standardized DUAL_EC_DRBG.
> 
> Frankly, I think we should prepare the code, but wait out the storm as
> to which algorithms to choose.

But can the server dictate any other curves than what the browsers
support? As far as I understand, NIST P-256 and P-384 are the only
curves widely supported by browsers..

	http://security.stackexchange.com/questions/31772/what-elliptic-curves-are-supported-by-browsers
	http://security.stackexchange.com/questions/42088/can-custom-elliptic-curves-be-used-in-common-tls-implementations
	http://www.carbonwind.net/blog/post/A-quick-look-over-some-browsers-and-their-SSLTLS-implementations.aspx

plus I suspect curve25519 might soon be available in Chrome, and others
might follow:

	http://www.ietf.org/mail-archive/web/tls/current/msg05852.html
	(interesting thread, and it casts some doubt on whether the NIST curves can be backdoored..)


  -jf
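
Added example, not part of the original message or of Traffic Server's code: a sketch of how ECDHE curve selection is bounded by the client's offer, using the list a client sends in TLS extension 10 (elliptic_curves, RFC 4492). The function names, the server preference lists and the sample bytes are assumptions constructed for illustration; the code points are the IANA NamedCurve values.

```python
import struct

# IANA NamedCurve code points (RFC 4492 / RFC 8422).
# x25519 (29) was registered after this thread was written.
NAMED_CURVES = {23: "secp256r1", 24: "secp384r1", 25: "secp521r1", 29: "x25519"}


def parse_supported_curves(ext_body):
    """Parse the body of extension 10: uint16 list length, then uint16 ids."""
    if len(ext_body) < 2:
        raise ValueError("truncated extension")
    (list_len,) = struct.unpack_from("!H", ext_body, 0)
    if list_len != len(ext_body) - 2 or list_len % 2:
        raise ValueError("inconsistent curve list length")
    return [c for (c,) in struct.iter_unpack("!H", ext_body[2:])]


def select_curve(client_curves, server_preference):
    """Return the first server-preferred curve the client offered, else None.

    None means no ECDHE suite can be negotiated with this client: the server
    can order and restrict curves, but cannot impose one the client did not list.
    """
    offered = set(client_curves)
    for curve in server_preference:
        if curve in offered:
            return curve
    return None


def curve_name(curve):
    if curve is None:
        return None
    return NAMED_CURVES.get(curve, "unknown(%d)" % curve)


# Constructed sample: extension body from a client offering only P-256 and P-384.
SAMPLE_EXT = bytes.fromhex("000400170018")

if __name__ == "__main__":
    offered = parse_supported_curves(SAMPLE_EXT)
    print("client offers:", [curve_name(c) for c in offered])
    # Hypothetical server policy: prefer x25519, then P-384, then P-256.
    print("selected:", curve_name(select_curve(offered, [29, 24, 23])))
    # A server restricted to x25519 gets no ECDHE at all with this client.
    print("x25519-only server:", curve_name(select_curve(offered, [29])))
```
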
