X25519 Unlisted by -list_curves and Any Trusted Python Code for X, Y Coordinates

Salz, Rich rsalz at akamai.com
Wed Dec 25 23:50:29 UTC 2019

  *   I want to us ECDSA for my Web server's SSL certificate via an ACME client to Let's Encrypt and maybe later BuyPass.

That’s fine.

  *   I thought that EC is better than RSA, but now I don't think so. The answer seems to be: it depends.

There are trade-offs.  The biggest one is that EC gives equivalent security with a much smaller keysize.

  *   Safe Curves (SafeCurves: Introduction<https://urldefense.proofpoint.com/v2/url?u=https-3A__safecurves.cr.yp.to_&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=FZ0AXmFqGUcUdZYm5wdvA4_d71tTi9iIRfHWFcL8wRo&s=ntsSs3tKgynp0pN2J8Yxf8Cd1wrWobKgA4jQ_PLgtPY&e=>) says …

FWIW, SafeCurves is mostly the guy behind 25519 :) This is not a slam against djb, who’s kinda brilliant.

If you’re not sure what to do, perhaps follow what the browsers do.  That way if something’s wrong you’ll just be going up in flames with the rest of the world.

If you don’t trust the NSA and therefore don’t trust NIST, do you accept AES? What about when they approve 25519?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20191225/7d0d352a/attachment.html>

More information about the openssl-users mailing list