On Fri, Nov 20, 2020 at 08:43:59AM -0800, Skip Carter wrote:
> I am sure this in the documentation somewhere; but where ?
>
> What are the preferred ECDH curves for a given keysize ? Which curves
> are considered obsolete/deprecated/untrustworthy ?
Is this a general question about industry best
Those "rigid curves" that will be used in the future - future how distant, and
for how long?
Regards,
Uri
> On Nov 20, 2020, at 13:54, Phillip Hallam-Baker wrote:
>
smime.p7s
Description: S/MIME cryptographic signature
There are currently two sets of preferred curves.
CABForum approved use of the NIST curves from Suite B at 384 bits (and
521??) several years ago. Those are currently the only curves for which
FIPS-140 certified HSMs are currently available and thus the only ones that
can be supported by WebPKI CA
> From: openssl-users On Behalf Of Skip
> Carter
> Sent: Friday, 20 November, 2020 09:44
>
> What are the preferred ECDH curves for a given keysize ? Which curves
> are considered obsolete/deprecated/untrustworthy ?
For TLSv1.3, this is easy. RFC 8446 B.3.1.4 only allows the following:
secp256r
I am sure this in the documentation somewhere; but where ?
What are the preferred ECDH curves for a given keysize ? Which curves
are considered obsolete/deprecated/untrustworthy ?
--
Dr Everett (Skip) Carter 0xF29BF36844FB7922
s...@taygeta.com
Taygeta Scientific Inc
607 Charles Ave
Seaside
