JCA design for RFC 7748
Michael StJohns
mstjohns at comcast.net
Thu Aug 10 16:25:48 UTC 2017
On 8/10/2017 9:44 AM, Adam Petcher wrote:
> Does anyone know of a particular use case (that we haven't discussed
> already) that would require a provider to support arbitrary curves?
> Any other arguments for or against this feature?
There are uses for changing out the base point. PAKE and SPAKE use
similar math (e.g. G^s*sharedSecret is the equivalent of a new base point).
There are uses for private curves - e.g. when you want to actually be
sure that the curve was randomly generated (sort of the same argument
that got us to Curve25519 in the first place).
There is the whole set of Edwards curves that are mostly not included
in any provider (except possibly Microsoft's) as of yet.
Basically, you're trying to argue that there are no better curves (for
the 'new' math) than have already been specified and there never will
be. I think that's a very shortsighted argument.
Later, Mike