Closed amika-sq closed 2 months ago
I believe the reason secp256r1
was added was because we wanted to support 1 FIPS compliant algorithm. But secp256k1
is also FIPS compliant so i left it out. at least for now
@frankhinek can you think of any other reasons as to why secp256r1
should be supported?
@mistermoe I suppose it depends on whether we expect any partners / participants to follow U.S. Federal recommendations?
If that matters, we ought to consider that as of the most recent publication, FIPS 186-5, the guidelines for elliptic curves suitable for Federal government use have been moved to NIST SP 800-186.
Notable is:
secp256k1
but only for "blockchain-related applications"P-256 is good to support since it's supported by existing HSMs/KMS. The code for ECDSA is quite similar to the code for ES256K (often uses the same lib, as was the case in the go impl).
this is supported
In the previous requirements doc, there was a stretch goal of supporting
secp256r1
.This may be a misunderstanding on my part, but I believe that ES256K is only used for
secp256k1
. Wondering if we should be tracking support for the other, or if that's no longer a goal