On Mon, Jul 20, 2015 at 01:42:01PM +0200, Hubert Kario wrote:
> On Monday 20 July 2015 14:39:03 Ilari Liusvaara wrote:
> > On Mon, Jul 20, 2015 at 12:55:37PM +0200, Hubert Kario wrote:
> >
> > There are other shortcomings tho:
> > - If Ed25519 is supported, one also needs to support Curve25519.
> > - If Ed25519 and Curve448 are supported, one needs to support
> >   Curve25519 and Ed448.
> > - And the cross case from previous.
> >
> > So with the same, in TLS 1.2, the following combinations would
> > be possible:
> > - None at all.
> > - Curve25519
> > - Curve448
> > - Curve25519 & Curve448
> > - Curve25519 & Ed25519
> > - Curve448 & Ed448
> > - Curve25519 & Curve448 & Ed25519 & Ed448.
>
> if we define separate codepoints for Curve25519 and Ed25519, yes

That list was assuming the following:
- TLS at least 1.2 (I don't see much point with bothering with lesser
  versions here).
- Unified 255/448 bit signature algorithm as one of SignatureAlgorithm
  codepoints, using ECDSA ciphersuites.
- The same codepoint used for both 25519 kex and sig curve (and the
  same for 448).

Breaking any of those three assumptions changes things here.

-Ilari
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
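
The seven combinations in the quoted list follow from the three assumptions stated in the reply. The Python sketch below is an added example, not part of the original thread: it models an advertisement as a set of shared curve codepoints plus one flag for the unified signature algorithm, and the names `capabilities`, `expressible`, `inexpressible` and `LISTED` are made up for illustration.

```python
from itertools import combinations

# Assumption 3 from the message: one codepoint per curve, shared by kex and sig.
CURVES = ("25519", "448")
ALL_PRIMITIVES = ("Curve25519", "Curve448", "Ed25519", "Ed448")

def capabilities(curves, unified_sig):
    """Primitives a peer must assume are supported for one advertisement."""
    caps = {f"Curve{c}" for c in curves}        # key exchange on each listed curve
    if unified_sig:                             # assumption 2: one signature codepoint
        caps |= {f"Ed{c}" for c in curves}      # so it covers every listed curve
    return frozenset(caps)

def expressible():
    """Every distinct capability set that some advertisement can express."""
    out = set()
    for n in range(len(CURVES) + 1):
        for curves in combinations(CURVES, n):
            for unified_sig in (False, True):
                out.add(capabilities(curves, unified_sig))
    return out

def inexpressible():
    """Subsets of the four primitives that no advertisement can express."""
    every = {frozenset(s) for n in range(len(ALL_PRIMITIVES) + 1)
             for s in combinations(ALL_PRIMITIVES, n)}
    return every - expressible()

# The combinations listed in the quoted message.
LISTED = {frozenset(s) for s in [
    (),
    ("Curve25519",),
    ("Curve448",),
    ("Curve25519", "Curve448"),
    ("Curve25519", "Ed25519"),
    ("Curve448", "Ed448"),
    ("Curve25519", "Curve448", "Ed25519", "Ed448"),
]}

if __name__ == "__main__":
    for caps in sorted(expressible(), key=lambda s: (len(s), sorted(s))):
        print(" & ".join(sorted(caps)) or "None at all")
    print("inexpressible subsets:", len(inexpressible()))
```
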