On Tue, Jul 21, 2015 at 11:30:15AM -0400, Dave Garrett wrote:
> On Tuesday, July 21, 2015 10:47:05 am Ilari Liusvaara wrote:
> > I thought that Brainpool curves weren't removed (even if those aren't
> > explicitly in), which are random prime curves.
> > 
> > Also, the security of binary curves seems quite questionable.
> 
> Brainpool curves aren't in the TLS 1.3 draft, but they're not prohibited 
> either.
> 
> If there's no strong objection, I'd like to add them to the list, if
> just to document the current NamedGroup registry. I could add a
> recommendation to stick to standards track, for those worrying about them.

Related: There's the following draft: draft-iab-crypto-alg-agility
(currently in IETF LC) which contains the following:

3.4 National Cipher Suites

"The default server or
responder configuration SHOULD disable such algorithms; in this way,
explicit action by the system administrator is needed to enable them
where they are actually required."

While the thing is about cipher suites, it also goes for curves.

Also, Brainpool is much slower than the special prime stuff,
so I think the defaults should be high-performance where it is
not known to hurt security.


This could also be applied to some actual ciphersuite stuff, namely
ARIA and CAMELLIA (there doesn't seem to be any usable SEED ciphers).


-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
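
The default-off policy quoted in the message above, applied to curve selection, as an added example that is not part of the original email or of any TLS implementation. The codepoints are the IANA NamedGroup values for these curves; the policy lists and function names are hypothetical.

```python
# NamedGroup codepoints as registered by IANA (RFC 4492 and RFC 7027).
NAMED_GROUPS = {
    23: "secp256r1",
    24: "secp384r1",
    25: "secp521r1",
    26: "brainpoolP256r1",
    27: "brainpoolP384r1",
    28: "brainpoolP512r1",
}

# Hypothetical server policy (an assumption for this example):
# groups negotiated out of the box, and groups that are implemented
# but stay disabled until an administrator enables them explicitly.
DEFAULT_ENABLED = [23, 24, 25]
OPT_IN_ONLY = {26, 27, 28}


def effective_groups(admin_enabled=()):
    """Server preference list: defaults first, then explicit opt-ins."""
    unknown = [g for g in admin_enabled if g not in OPT_IN_ONLY]
    if unknown:
        raise ValueError(f"not an opt-in group: {unknown}")
    extra = list(dict.fromkeys(admin_enabled))  # keep order, drop repeats
    return DEFAULT_ENABLED + extra


def select_group(client_offer, admin_enabled=()):
    """Return the first server-preferred group the client also offered."""
    offered = set(client_offer)
    for group in effective_groups(admin_enabled):
        if group in offered:
            return NAMED_GROUPS[group]
    return None  # no common group: the handshake cannot proceed


if __name__ == "__main__":
    # Constructed client offers (supported groups, client preference order).
    print(select_group([26, 23]))                      # default config
    print(select_group([26, 27]))                      # Brainpool-only client
    print(select_group([26, 27], admin_enabled=[27]))  # after explicit opt-in
```

A Brainpool-only client fails against the default configuration and succeeds only after the opt-in, which is the "explicit action by the system administrator" the quoted draft text asks for.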
