My (totally informal) "vote" for next gen elliptic curves: 128-bit: Curve25519, 224-bit: Ed448-Goldilocks, 256-bit: E-521 /cc @WatsonLadd
@DLitz @WatsonLadd so your alternative is one curve to rule them all and a single ciphersuite? What happens when something breaks?
@bascule @WatsonLadd Re: "What happens when something breaks?" Worst-case, we upgrade, like we did with bash. Still better than status quo.
@DLitz speaking as someone who deals with TLS termination for a major site, having failsafes in a shifting security landscape is essential
@DLitz there is a definite need for something to shift to in the event of the discovery of major flaws anywhere in the cryptosystem
@bascule It shouldn't wait for major flaws. BEAST never would have happened if we regularly upgraded entire protocols.
@DLitz you're not really big on that whole "interoperability" thing, are you?
@bascule Really, all any implementation needs today is: 1. This year's state-of-the-art; and 2. Last year's state-of-the-art.
@DLitz here in the real world, we’re forced to implement protocols created in the ‘80s, because they’re still used
@bascule No 1980s protocol is secure. If you need to talk to 1980s software, tunnel it through a real secure channel.
@bascule @WatsonLadd One per generation, and in return you get simpler implementations & shorter upgrade cycles.
@DLitz @WatsonLadd I think that @trevp__'s Noise builds in support for multiple curves in an unobtrusive way: https://github.com/trevp/noise/wiki/Ciphersuites …
@bascule @WatsonLadd @trevp__ Yeah, basically something like that.