On 2020-10-08 16:22, Marcin Romaszewicz wrote:
> Practically, there isn't much reason today to use the P384 and P521 curves. The
> security provided by P256 is very good, not known to be crackable today, and
> it's a widely supported curve. P384 is reasonably well supported, but not as
> widely, and P521 isn't well supported at all, since it's not in the NSA Suite B
> crypto recommendations, which drive many crypto standards.

There is no good reason to use P384 and little reason to use P521 and no reason to use P521 for a standard website. The only reason I know of to consider P521, which the browsers do not support (for no good reason, though SSH even installs a 256-bit host key by default anyway, so maybe key variability simplicity), is because it offers the greatest challenge in qubits to any potential quantum computer. However, there is even a possibility that a quantum computer with enough qubits to defeat P256 is never built or a traditionally binary computer succeeds first in many years' time.

I don't think the world is quite ready for TLS 1.3 only yet, but you could even limit the provided algorithms to ed25519 or block P384 in TLS 1.2. I would see that as a far better choice than cgo personally!

Here is how: https://blog.cloudflare.com/exposing-go-on-the-internet/
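
The curve restriction discussed in this message, as an added Go example (not code from the thread or from the linked Cloudflare post): a server `tls.Config` whose `CurvePreferences` allows only X25519 and P-256 for key exchange, checked against clients that each offer a single curve. The names `demoCert`, `serverConfig` and `handshake` are hypothetical, and the throwaway Ed25519 certificate and in-memory pipe are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
)

// demoCert builds a throwaway self-signed Ed25519 certificate (constructed for this demo).
func demoCert() tls.Certificate {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
}

// serverConfig limits ECDHE key exchange to X25519 and P-256, so P-384 and P-521 are never negotiated.
func serverConfig() *tls.Config {
	return &tls.Config{
		Certificates:     []tls.Certificate{demoCert()},
		MinVersion:       tls.VersionTLS12,
		CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP256},
	}
}

// handshake returns the error seen by a client that offers only clientCurve (nil = accepted).
func handshake(clientCurve tls.CurveID) error {
	c, s := net.Pipe()
	defer c.Close()
	cfg := serverConfig()
	cfg.SessionTicketsDisabled = true // demo only: no post-handshake writes on the unbuffered pipe
	go func() { tls.Server(s, cfg).Handshake(); s.Close() }()
	return tls.Client(c, &tls.Config{InsecureSkipVerify: true, // demo only: self-signed cert
		CurvePreferences: []tls.CurveID{clientCurve}}).Handshake()
}

func main() {
	fmt.Println(handshake(tls.X25519), handshake(tls.CurveP384))
}
```

`CurvePreferences` governs only the key-exchange group; the curve of the certificate's own key is chosen separately when the certificate is issued.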