There are also companies in the US which ship X25519, but as Andrei says, there are also situations where P-256 is required. The question is rather what the minimum set of algorithms we need is. My point is that that has to include P-256. It may well be the case that it needs to also include X25519.
Most of our customers (those who have informed opinions) prefer X25519, but our FedRAMP customers must have P256. Without comment, I point out that the IETF has a long history of “ignoring” US Government standards except when convenient to support them. Perhaps that’s changing. Even recently, we still seem to prefer that NIST, etc., accommodates what we do rather than vice-versa.
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
