On Wed, Jul 15, 2015 at 11:41:03PM -0400, Jeffrey Walton wrote:
> > Same here, I think in this case "less is more". There is no
> > compelling reason for this curve, and needless diversity here is
> > counter-productive.
>
> It provides 256-bits of security. Its the only curve I am aware that
> can transport a AES-256 key while maintaining security levels.
It provides a conjectured security level around 256-bits, as does
secp521r1.
> (I've been through C&A's where matching security levels were examined).
An auditor who believes that we can rigourously quantify the security
of these curves precisely enough to say which is stronger or more
closely "matches" AES-256, should be laughed out of the room and fired.
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
