- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 10 Oct 2014 12:13:42 -0700
- To: Brian Smith <brian@briansmith.org>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 10 October 2014 12:06, Brian Smith <brian@briansmith.org> wrote: > > I do think that things should be specified in such a way that > Curve25519 would be acceptable. (I overlooked that the Curve25519 key > is not considered to be 256 bits long.) My main point is to try to > avoid "security level" because that's not a well-defined and > well-agreed-upon concept. I don't see why saying "224 bit keys" is > better than saying "250 bit keys" or "225-bit keys" unless the > intention is specifically to allow 224-bit ECC keys. Would 224-bit ECC be unacceptable in your mind? All the sources I have found consider it to be stronger than 2048 finite field. Isn't that the only relevant concern? If no one actually implements and deploys it, that's no big deal. Especially if everyone is using 255/256 bits. (BTW, I'll take up your point on signatures separately, it's worth considering.)
Received on Friday, 10 October 2014 19:14:10 UTC