search for: cnssp

On 10/19/2016 01:54 PM, m.roth at 5-cent.us wrote: > Alice Wonder wrote: >> On 10/19/2016 11:34 AM, Leonard den Ottolander wrote: >>> Hello Gordon, >>> >> *snip* >>> >>> Personally I would be more concerned whether or not to enable ECDSA >>> algorithms (https://blog.cr.yp.to/20140323-ecdsa.html). >>> >> For web server ECDSA

...classified or unclassified national security systems (NSS) and vendors that build products used in NSS. <snip> I suppose Google is such a vendor. Q: Can I use the NIST P-521 curve for ECDH or ECDSA on NSS? A: In order to enhance system interoperability NSA recommends the use of NIST P-384. CNSSP-15 does not permit use of NIST P-521. Use of NIST P-521 needs to be approved by NSA as an exception to policy. This continues under CNSS Advisory Memorandum 02-15. Because of "interoperability" the use of strong crypto is discouraged. Reminds me of the fact that not so long ago (an...