[Ach] preference of curves in ECC - ECDSA, ECDH

Aaron Zauner azet at azet.org
Sun Mar 9 20:37:39 CET 2014

Pepi Zawodsky wrote:
> Actually secp256r1 and secp384r1 are supported in all clients that do ECC.
Those are the mentioned NIST curves :)

> So if we can really specify a list of ECC curves via OpenSSL that would open a whole bunch of curves we can support server side. We'll need to test this of course.
The problem I see is with verifying the security of those curves. We do
not have proper research to base any recommendation on. The safecurve
stuff by bernstein is nice, but we cannot only refer to one publication.
Also he considers some of the curves to be "unsafe" although some of the
mentioned issues might not have any practical relevance to the security
of the mentioned curve when implemented.

Dan Boneh (stanford) also recently voiced concern about the NIST cuves
at RSA conference [sic!].


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140309/4d59d210/attachment.sig>

More information about the Ach mailing list