Dear WG members,
I am quite astonished that the brainpool curves are eventually prohibited in TLS 1.3. Based on an earlier comment (https://www.ietf.org/mail-archive/web/tls/current/msg17204.html), I would have thought that the brainpool curves will be allowed in any future version, especially since they have been deployed successfully to date. Reading the latest draft I happened to notice that the numbers 0x001A to 0x001C that point to the brainpool curves are marked as obsolete_RESERVED for the following reasons: "The obsolete curves have various known/theoretical weaknesses or have had very little usage, in some cases only due to unintentional server configuration issues. They are no longer considered appropriate for general use and should be assumed to be potentially unsafe." (See p. 127) I am not aware of any weaknesses of the brainpool curves, so I consider this banishment unjustified. As I did not at all understand this decision and furthermore, could not find any explanations in the mailing list archive, I would like to ask how all this happened. Best regards, Leonie
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
