cfrg / draft-irtf-cfrg-hash-to-curve

Hashing to Elliptic Curves

add a suite for hashing to P-224? #203

Closed kwantam closed 4 years ago

kwantam commented 4 years ago

In the past we decided that we wouldn't add suites for curves under 128-bit security, because we didn't want to encourage people to use them. But it looks like we might want to add a suite for P-224, even though this violates that decision.

The reason I think we should at least discuss it is that, per a couple talks at Real World Crypto, both Google and Apple are using P-224, and in at least one of the talks someone specifically mentioned hashing to P-224.

I realize this won't be so common going forward and also that adding a suite now doesn't help either Google's or Apple's usage, so I can see the argument against. Still, thought it was worth revisiting the decision in light of more-widespread-than-expected usage...

Thoughts? @chris-wood @armfazh @grittygrease

armfazh commented 4 years ago

I consider that we must add or give some guidance for anyone to be able to create a suite. Otherwise, we must add any combination of {curve} x {hash} suite.

randombit commented 4 years ago

Having some guidance on adding additional curves would be useful IMO since there will inevitably be demand for supporting at least Brainpool and likely also ANSSI and SM2 curves in PAKEs.

chris-wood commented 4 years ago

👍 I think guidance would help. We probably don't need to fully specify something for P-224.

kwantam commented 4 years ago

Cool! I'm convinced. Closing.