[Ach] summary + links from the 2013-11-04 meeting
azet at azet.org
Tue Nov 5 16:49:33 CET 2013
On 05 Nov 2013, at 16:39, L. Aaron Kaplan <kaplan at cert.at> wrote:
> Adi has a problem to recommend ECC (his judgement is based on Dan's analysis).
+1 on excluding ECC for the time being. My idea was to include non-ECC and ECC configurations and write a clear statement as to the current research involving elliptic curves and their standardization process (which seems to be heavily flawed - if you believe djb et al.). I guess sysadmins keeping track of ECC security and the ongoing discussion can safely add ECC ciphersuites, the problem still being that a lot of services and clients do not support black/whitelisting of curves or do only support particular NIST curves.
..i’m still not sure if we should completely refrain from mentioning ECC configurations in this paper.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Ach