You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As long as there are no alternative curves with that long-term security level, I would like to use secp521r1 both for ECDSA and ECDHE. So please do not use this for future Mozilla products, unless this security level is given. This should be worth for an extra donation to Mozilla for developer motivation.
The text was updated successfully, but these errors were encountered:
As long as there are no alternative curves with that long-term security level, I want to use secp521r1 both for ECDSA and ECDHE.
I made some design decisions in ring that make it kind of painful to support P-521. In particular, supporting P-521 would increase the memory and stack size requirements for P-256 and P-384.
Also, the optimal implementation strategy for P-521 field operations (especially modular multiplication and squaring) is very different from the strategy used in ring. Code would need to be refactored to support alternate implementation strategies, or P-521 would be quite inefficient. Not very appealing either way.
I'm not saying I'd never add P-521, but right now I think the cost:benefit ratio is too low, as far as I understand all the factors.
So please do not use this for future Mozilla products, unless this security level is given. This should be worth for an extra donation to Mozilla for developer motivation.
As long as there are no alternative curves with that long-term security level, I would like to use secp521r1 both for ECDSA and ECDHE. So please do not use this for future Mozilla products, unless this security level is given. This should be worth for an extra donation to Mozilla for developer motivation.
The text was updated successfully, but these errors were encountered: