----- Original Message -----
> Hi,
>
> > - rsapss_sha256
> > - rsapss_sha384
> > - rsapss_sha512
> > - ecdsa_p256_sha256
> > - ecdsa_p256_sha384
> > - ecdsa_p256_sha512
> > - ecdsa_p384_sha256
> > - ecdsa_p384_sha384
> > - ecdsa_p384_sha512
> > - ecdsa_p521_sha256
> > - ecdsa_p521_sha384
> > - ecdsa_p521_sha512
> > - eddsa_ed25519
> > - eddsa_ed448
>
> Do we really need that many?
>
> I think the "complexity zoo" of TLS is one of its current downsides and
> I really think we should go with fewer options in the future. Can we
> strip that down to - below 5 or something? (personal opinion: Strip
> down to 2, but this may be too radical for now.)
In addition, options like ecdsa_p384_sha256 ignore the NIST DSS recommendation of using equivalent security strength for hash and signature (SP-800-57). Having fewer options is indeed better.

regards,
Nikos

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
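The strength-matching point raised above can be checked mechanically. The following is an added example, not code from the thread or from any TLS implementation: it parses the draft-era scheme names quoted in the thread, assigns each signing primitive and hash a security strength from NIST SP 800-57 Part 1 Rev. 5 (Tables 2 and 3; Ed25519/Ed448 strengths from RFC 8032), and reports where the two differ. The verdict labels, the `classify`/`mismatched` function names and the optional `rsa_modulus_bits` parameter are my own, since RSA-PSS strength is not recoverable from the scheme name alone.

```python
"""Audit TLS SignatureScheme names for matched security strength.

Added example, not code from the TLS mailing-list thread.  Strength values
follow NIST SP 800-57 Part 1 Rev. 5 (Tables 2 and 3) and RFC 8032; the
scheme names are the draft-era identifiers quoted in the thread; the
verdict labels and function names are assumptions of this example.
"""

from typing import Optional

# SP 800-57 Part 1, Table 2: ECC security strength by curve size (bits).
CURVE_STRENGTH = {"p256": 128, "p384": 192, "p521": 256}
# RFC 8032: Ed25519 targets ~128-bit, Ed448 ~224-bit security.
EDDSA_STRENGTH = {"ed25519": 128, "ed448": 224}
# SP 800-57 Part 1, Table 3: hash strength for digital signatures
# (collision resistance).
HASH_STRENGTH = {"sha256": 128, "sha384": 192, "sha512": 256}

# Constructed input: the fourteen schemes quoted in the thread.
SCHEMES = [
    "rsapss_sha256", "rsapss_sha384", "rsapss_sha512",
    "ecdsa_p256_sha256", "ecdsa_p256_sha384", "ecdsa_p256_sha512",
    "ecdsa_p384_sha256", "ecdsa_p384_sha384", "ecdsa_p384_sha512",
    "ecdsa_p521_sha256", "ecdsa_p521_sha384", "ecdsa_p521_sha512",
    "eddsa_ed25519", "eddsa_ed448",
]


def rsa_strength(modulus_bits: int) -> int:
    """SP 800-57 Part 1, Table 2 (IFC column): RSA strength by modulus size."""
    for bound, strength in ((15360, 256), (7680, 192), (3072, 128),
                            (2048, 112), (1024, 80)):
        if modulus_bits >= bound:
            return strength
    return 0  # below 1024 bits: not rated by SP 800-57


def classify(scheme: str, rsa_modulus_bits: Optional[int] = None) -> dict:
    """Return signature strength, hash strength and a verdict for one scheme."""
    parts = scheme.lower().split("_")
    family = parts[0]
    if family == "eddsa":
        # EdDSA fixes its internal hash (SHA-512 / SHAKE256) per curve, so
        # there is no separately negotiated hash that could be mismatched.
        bits = EDDSA_STRENGTH[parts[1]]
        return {"scheme": scheme, "signature_bits": bits,
                "hash_bits": None, "verdict": "balanced"}
    hash_bits = HASH_STRENGTH[parts[-1]]
    if family == "ecdsa":
        sig_bits = CURVE_STRENGTH[parts[1]]
    elif family == "rsapss":
        if rsa_modulus_bits is None:
            # The name carries no key size; strength depends on the modulus.
            return {"scheme": scheme, "signature_bits": None,
                    "hash_bits": hash_bits,
                    "verdict": "depends on RSA modulus size"}
        sig_bits = rsa_strength(rsa_modulus_bits)
    else:
        raise ValueError(f"unknown scheme family: {scheme}")
    if hash_bits < sig_bits:
        verdict = "hash weaker than key"      # hash caps the pair's strength
    elif hash_bits > sig_bits:
        verdict = "hash stronger than key"    # key caps it; extra hash work is wasted
    else:
        verdict = "balanced"
    return {"scheme": scheme, "signature_bits": sig_bits,
            "hash_bits": hash_bits, "verdict": verdict}


def mismatched(schemes, rsa_modulus_bits: Optional[int] = None) -> list:
    """Names of schemes whose hash and key strengths differ."""
    return [s for s in schemes
            if classify(s, rsa_modulus_bits)["verdict"].startswith("hash")]


if __name__ == "__main__":
    for s in SCHEMES:
        r = classify(s)
        print(f"{s:20} sig={str(r['signature_bits']):>4} "
              f"hash={str(r['hash_bits']):>4}  {r['verdict']}")
    print("mismatched:", mismatched(SCHEMES))
```

Run as-is, six of the twelve ECDSA schemes are flagged; only the three "hash weaker than key" cases (ecdsa_p384_sha256, ecdsa_p521_sha256, ecdsa_p521_sha384) actually lower the pair's effective strength, while the "hash stronger" cases merely waste hashing effort. Passing `rsa_modulus_bits` (e.g. 2048 or 3072) lets the same check rate the RSA-PSS entries once the deployed key size is known.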