> The main reason I think this warrants discussion is that dropping it would
> drop the maximum bits here, which whilst obviously not the only factor to
> take into account, will possibly not be desired by some. The main arguments
> for ditching is probably that it might not be safely implemented and nobody
> actually needs something this big.
>
Removing it would drop the max number of bits but not necessarily the
max security. The exact security of binary curves is currently under
discussion. The new algorithms offer at best an asymptotic speedup --
but 571 might be big enough to fall under asymptotics.
I understand that libraries support it, but is it actually being used?
Does anybody have statistics on how many sites use it?
Tanja
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
