|
|
|
|
|
|
by throw0101a
2528 days ago
|
|
|
> Meanwhile I would gladly fire someone for using AES128 or the NSA-sponsored curves, despite being in Suite B. Why? Pointing SSL Labs at my bank, it's what they use (ECDH secp256r1). What does your bank use? Or is there a site that you consider more important than that one? Would you fire the folks at Let's Encrypt, who only offer certs of RSA and P-{256,384}? Gmail, where they do offer x25519, but where most browsers use secp256r1? |
|
|
> who only offer certs of RSA and P-{256,384}?
I am pretty sure that nginx and openssl only recently added support for ed25519 certificates. Although to be honest I don't really like the idea of let's encrypt. The addressing system that tor uses has solved that issue already.
> but where most browsers use secp256r1?
This is an issue. Browser vendors should prioritize the djb algorithms.