My (totally informal) "vote" for next gen elliptic curves: 128-bit: Curve25519, 224-bit: Ed448-Goldilocks, 256-bit: E-521 /cc @WatsonLadd
@DLitz @WatsonLadd we’re never going to get anywhere if we keep arguing about what curves to use…
-
-
@bascule@WatsonLadd True, but it's also pointless theater if enough implementations end up insecure, even if on paper it's "high security". -
@DLitz@WatsonLadd I don't see how that comment has anything to do with a conversation on curve selection -
@DLitz@WatsonLadd so your alternative is one curve to rule them all and a single ciphersuite? What happens when something breaks? -
@bascule@WatsonLadd Re: "What happens when something breaks?" Worst-case, we upgrade, like we did with bash. Still better than status quo. -
@DLitz speaking as someone who deals with TLS termination for a major site, having failsafes in a shifting security landscape is essential -
@DLitz there is a definite need for something to shift to in the event of the discovery of major flaws anywhere in the cryptosystem -
@bascule It shouldn't wait for major flaws. BEAST never would have happened if we regularly upgraded entire protocols. - 4 more replies
New conversation -
-
-
@bascule@WatsonLadd There's no point in using crypto much stronger than the probability of a catastrophic implementation bug.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.