Quantum computers may soon be able to crack encryption methods in use today, so plans are already under way to replace them with new, secure algorithms. Now it seems the US National Security Agency may be undermining that process
My point is that there is a documented listed of supported curves for ECDSA but attempting to use any other safe curve in the list results in a failure. I am not trying to use some arbitrary curve.
If your point is that no safe curve is permitted because the powers that be don't permit it, TLS is doomed.
I run a cryptography forum, I know this stuff, and the problem isn't algorithmic weakness but complexity of implementation.
All major browsers and similar networking libraries now have safe implementations after experts have taken great care to handle the edge cases.
It's not a fault with let's encrypt. If they allowed nonstandard curves then almost nothing would be compatible with it, even the libraries which technically have the code for it because anything not in the TLS spec is disabled.
The WRC deals with unsafe curves all the time. I think picking a couple of spots on some of their curves at high speed would be interesting. Samir has been known to break some of these…
My point is that there is a documented listed of supported curves for ECDSA but attempting to use any other safe curve in the list results in a failure. I am not trying to use some arbitrary curve.
If your point is that no safe curve is permitted because the powers that be don't permit it, TLS is doomed.
https://eff-certbot.readthedocs.io/en/latest/using.html#using-ecdsa-keys
The default is a curve widely believed to be unsafe, p256, with no functioning safe alternative.
https://safecurves.cr.yp.to/
That's Bernstein's website if anyone was wondering, showing p256 is unsafe.
I run a cryptography forum, I know this stuff, and the problem isn't algorithmic weakness but complexity of implementation.
All major browsers and similar networking libraries now have safe implementations after experts have taken great care to handle the edge cases.
It's not a fault with let's encrypt. If they allowed nonstandard curves then almost nothing would be compatible with it, even the libraries which technically have the code for it because anything not in the TLS spec is disabled.
https://security.stackexchange.com/questions/42088/can-custom-elliptic-curves-be-used-in-common-tls-implementations
https://cabforum.org/baseline-requirements-certificate-contents/
CAB is the consortium of Certificate Authorities (TLS x509 certificate issuers)
With that said curve25519 is on its way into the standards
Tldr would be that there are no safe ECC curves in TLS? Yet
P256 isn't known to be insecure if implemented right, it's just harder to implement right
The WRC deals with unsafe curves all the time. I think picking a couple of spots on some of their curves at high speed would be interesting. Samir has been known to break some of these…