Alice Wonder wrote:
> On 10/19/2016 11:34 AM, Leonard den Ottolander wrote:
>> Hello Gordon,
>>
> *snip*
>>
>> Personally I would be more concerned whether or not to enable ECDSA
>> algorithms (https://blog.cr.yp.to/20140323-ecdsa.html).
>>
> For web server ECDSA certs is currently a concern because the only
> curves with popular support across browsers have parameters that were
> chosen for undocumented reasons.
>
> That doesn't mean they are vulnerable but there is a question.
>
> OpenSSH uses Curve25519 for ECDSA which has documented reasons for the
> parameters chosen and thus are far less likely to be nefariously chosen.
>
> At least that's my understanding of the situation, which could be flawed.
Oh, are those the ones with the NSA backdoor curve?
mark
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
