trafficserver-users mailing list archives

From Igor Galić <i.ga...@brainsware.org>
Subject Re: Forward Secrecy ?
Date Tue, 26 Nov 2013 15:30:17 GMT


----- Original Message -----
> On Mon, Nov 25, 2013 at 10:47:42PM +0000, Igor Galić wrote:
> > 
> > Every curve that comes from J. A. Solinas I would declare on the simple
> > basis that they work for the NSA as untrustworthy, no matter whether
> > these constants are good or bad or NIST recommended and in an RFC simply
> > for having all together produced and standardized DUAL_EC_DRBG.
> > 
> > Frankly, I think we should prepare the code, but wait out the storm as
> > to which algorithms to choose.
> 
> But can the server dictate any other curves than what the browsers
> support ? As far as I understand NIST P-256 and P-384 are the only
> curves widely supported by browsers..
> 
> 	http://security.stackexchange.com/questions/31772/what-elliptic-curves-are-supported-by-browsers
> 	http://security.stackexchange.com/questions/42088/can-custom-elliptic-curves-be-used-in-common-tls-implementations
> 	http://www.carbonwind.net/blog/post/A-quick-look-over-some-browsers-and-their-SSLTLS-implementations.aspx
> 
> plus I suspect curve25519 might soon be available in chrome, and others
> might follow:
> 
> 	http://www.ietf.org/mail-archive/web/tls/current/msg05852.html
> 	(interesting thread, and it casts some doubt on whether the NIST curves can be
> 	backdoored..)

With my tin-foil hat on, I'd like to say that it doesn't matter whether
they technically can or cannot be backdoored. It is still questionable.
The trust in NIST and the standardization process is broken. That trust
needs to be rebuilt.

>   -jf

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 8716 7A9F 989B ABD5 100F  4008 F266 55D6 2998 1641
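The question raised in the quoted reply, whether a server can "dictate" a curve the browser does not offer, comes down to how the TLS curve negotiation works: the client lists the curves it supports in the elliptic_curves extension of its ClientHello (RFC 4492; later renamed supported_groups), and the server can only pick from that list. The following is an added illustration, not code from this thread or from Apache Traffic Server. It parses a constructed extension body the way a server would, then applies a server-side preference order to it. The group code points are the IANA-registered ones (secp256r1 = 23, secp384r1 = 24, secp521r1 = 25); the x25519 code point (29) was assigned after this message was written and is included only to show what happens once both sides support it.

```python
import struct

# IANA "TLS Supported Groups" code points for the curves discussed in the thread.
NAMED_GROUPS = {
    0x0017: "secp256r1 (NIST P-256)",
    0x0018: "secp384r1 (NIST P-384)",
    0x0019: "secp521r1 (NIST P-521)",
    0x001D: "x25519 (Curve25519)",  # assigned later than this 2013 thread
}


def encode_elliptic_curves_extension(curves):
    """Build the extension body a client sends: 2-byte list length,
    followed by one 2-byte named-group id per curve."""
    payload = b"".join(struct.pack("!H", c) for c in curves)
    return struct.pack("!H", len(payload)) + payload


def parse_elliptic_curves_extension(body):
    """Parse the extension body as a server would, rejecting malformed lengths
    rather than reading past the buffer."""
    if len(body) < 2:
        raise ValueError("extension body too short for length field")
    (list_len,) = struct.unpack("!H", body[:2])
    if list_len % 2 != 0 or 2 + list_len != len(body):
        raise ValueError("curve list length does not match body")
    return [struct.unpack("!H", body[2 + i:4 + i])[0] for i in range(0, list_len, 2)]


def select_curve(server_preference, client_curves):
    """Server-preference negotiation: the first curve in the server's own
    ordered list that the client also offered. Returns None when there is no
    overlap, in which case no ECDHE handshake is possible at all."""
    offered = set(client_curves)
    for curve in server_preference:
        if curve in offered:
            return curve
    return None


def describe(curve_id):
    return NAMED_GROUPS.get(curve_id, "unknown group 0x%04x" % curve_id)


def negotiate(server_preference, client_extension_body):
    """Parse the client's list, pick a curve, and report the outcome as
    (selected_curve_or_None, human_readable_summary)."""
    client_curves = parse_elliptic_curves_extension(client_extension_body)
    chosen = select_curve(server_preference, client_curves)
    if chosen is None:
        summary = "no common curve; client offered " + ", ".join(map(describe, client_curves))
    else:
        summary = "selected " + describe(chosen)
    return chosen, summary


# Constructed ClientHello extension bodies (not captured traffic):
# a 2013-era browser offering only the two NIST curves, and a hypothetical
# later client that also offers x25519.
NIST_ONLY_BROWSER = encode_elliptic_curves_extension([0x0017, 0x0018])
X25519_CAPABLE_CLIENT = encode_elliptic_curves_extension([0x001D, 0x0017, 0x0018])

# Two server policies: prefer x25519 but keep P-256 as fallback, or insist on x25519 alone.
PREFER_X25519 = [0x001D, 0x0017, 0x0018]
X25519_ONLY = [0x001D]

if __name__ == "__main__":
    for label, body in (("NIST-only browser", NIST_ONLY_BROWSER),
                        ("x25519-capable client", X25519_CAPABLE_CLIENT)):
        for policy_name, policy in (("prefer x25519", PREFER_X25519), ("x25519 only", X25519_ONLY)):
            _, summary = negotiate(policy, body)
            print("%-22s / %-14s -> %s" % (label, policy_name, summary))
```

The two "NIST-only browser" rows show the point of the quoted question: a server that lists x25519 first still ends up on P-256 with a 2013 browser, and a server that removes the NIST curves entirely gets no ECDHE at all with that browser, so in practice the client's list, not the server's opinion of NIST, bounds the choice.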

