> On Apr 17, 2017, at 9:46 AM, Thedore Oidelson <the0idel...@gmail.com> wrote:
>
> I'm taking Glyph's suggestion and bringing this to the mailing list. :)
Thank you :). Hopefully some people more qualified than me will comment...
> I still believe it was unwise to remove the support for the extra EC curves
> in PR #749 for a few reasons that I've said in a few different places so I'll
> summarize them here.
I have some arguments with the form of your argument here, but I should
emphasize that I don't know enough about the specific underlying crypto to go
one way or another - mostly I'm trusting the opinions of Alex Gaynor, and your
counterpoints are not convincing (yet).
> * Support for more curves is better. It gives more options to users and
> developers such as myself who want to use Twisted for custom environments.
> All of this widens the support base.
Not necessarily. Support for more curves may allow or encourage the use of
insecure curves by naive users.
> * These are all curves suggested in RFC 5656, and I believe the more Twisted
> supports the RFC the better.
RFC 5656 is very old. Specifically: pre-heartbleed, pre-snowden, pre-BULLRUN
revelations. Just because it's in that RFC is not a compelling argument for
its inclusion.
> * There are cases for using alternative curves. NIST-T-571 is stronger than
> any of the currently supported curves. NIST-K-163 is weaker, but there are
> still uses for it. I may be working in an embedded environment where every
> CPU cycle counts and I just need simple encryption to protect against simple
> plain text scanning.
These types of use-cases do not require these curves to be enabled by conch by
default. They just require there being a public API to enable these things.
> * Having extra curves does not make Twisted less secure.
If they are enabled by default, it very well can.
> SSH negotiates encryption based on a list of preferred ciphers. We put the
> strongest ciphers first and the weaker curves only get used if nothing better
> is available where weak encryption is still better than no encryption.
Or if an adversary successfully executes a downgrade attack.
There's downgrade detection in SSH, but we shouldn't rely on it to be perfect.
> There are other reasons why I think it makes sense to have the curves in
> Twisted but these are the main ones.
I think it might be more productive to argue for the inclusion of individual
curves on a case-by-case basis. "should it be included at all" and "should it
be enabled by default" are also separate questions.
-glyph
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
