X25519 Unlisted by -list_curves and Any Trusted Python Code for X, Y Coordinates
hkario at redhat.com
Thu Jan 2 10:21:11 UTC 2020
On Thursday, 26 December 2019 00:50:29 CET, Salz, Rich via openssl-users
> * I want to us ECDSA for my Web server's SSL certificate
> via an ACME client to Let's Encrypt and maybe later BuyPass.
> That’s fine.
> * I thought that EC is better than RSA, but now I don't
> think so. The answer seems to be: it depends.
> There are trade-offs. The biggest one is that EC gives
> equivalent security with a much smaller keysize.
> * Safe Curves (SafeCurves:
> says …
> FWIW, SafeCurves is mostly the guy behind 25519 :) This is not
> a slam against djb, who’s kinda brilliant.
> If you’re not sure what to do, perhaps follow what the browsers
> do. That way if something’s wrong you’ll just be going up in
> flames with the rest of the world.
> If you don’t trust the NSA and therefore don’t trust NIST, do
> you accept AES? What about when they approve 25519?
there's also the difference between a "is the curve a safe generic
primitive?" and "is the curve safe when used in X.509 and TLS?"
Senior Quality Engineer, QE BaseOS Security team
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
More information about the openssl-users