On Monday 20 July 2015 14:39:03 Ilari Liusvaara wrote:
> On Mon, Jul 20, 2015 at 12:55:37PM +0200, Hubert Kario wrote:
> > On Tuesday 14 July 2015 17:23:44 Simon Josefsson wrote:
> > > Compare how we "reuse" the ECDHE ciphersuite values to refer to
> > > Curve25519 (instead of defining new ciphersuites for Curve25519), and
> > > how we are "reusing" the "uncompressed" code point to refer to
> > > Curve25519-compressed code points (instead of defining new
> > > ECPointFormat).
> > 
> > The point is that if Ed25519 for signatures is defined, an implementation
> > that doesn't understand it[1] can't advertise that fact.
> 
> Are you thinking about 1.0/1.1? In 1.2 it can: signature_algorithms
> (I'm not confident a new signature algorithm would work without either
> that or new ciphersuites).
> 
> 
> There are other shortcomings though:
> - If Ed25519 is supported, one also needs to support Curve25519.
> - If Ed25519 and Curve448 are supported, one needs to support
>   Curve25519 and Ed448.
> - And the cross case from previous.
> 
> So with the same, in TLS 1.2, the following combinations would
> be possible:
> - None at all.
> - Curve25519
> - Curve448
> - Curve25519 & Curve448
> - Curve25519 & Ed25519
> - Curve448 & Ed448
> - Curve25519 & Curve448 & Ed25519 & Ed448.

If we define separate codepoints for Curve25519 and Ed25519, yes.
-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
