[Twisted-Python] Elliptic Curve support

Thedore Oidelson the0idelson at gmail.com
Mon Apr 17 10:46:38 MDT 2017


I'm taking Glyph's suggestion and bringing this to the mailing list. :)

I still believe it was unwise to remove the support for the extra EC curves
in PR #749, for a few reasons that I've said in a few different places, so
I'll summarize them here.

*  Support for more curves is better.  It gives more options to users and
developers such as myself who want to use Twisted for custom environments.
All of this widens the support base.

*  These are all curves suggested in RFC 5656, and I believe the more
Twisted supports the RFC the better.

*  There are cases for using alternative curves.  NIST-T-571 is stronger
than any of the currently supported curves.  NIST-K-163 is weaker, but
there are still uses for it. I may be working in an embedded environment
where every CPU cycle counts and I just need simple encryption to protect
against simple plain text scanning.

*  Having extra curves does not make Twisted less secure.  SSH negotiates
encryption based on a list of preferred ciphers.  We put the strongest
ciphers first and the weaker curves only get used if nothing better is
available, where weak encryption is still better than no encryption.

There are other reasons why I think it makes sense to have the curves in
Twisted but these are the main ones.
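
Added example, not part of the original post and not Twisted's code: a simplified model of the RFC 4253 section 7.1 name-list rule behind the "preferred ciphers" point above, showing which side's ordering decides the result. The two "EXAMPLE" algorithm names are constructed stand-ins for the extra curves, and the helper names are hypothetical.

```python
# Added illustration of the basic RFC 4253 section 7.1 rule; not Twisted's code.
# Names containing "EXAMPLE" are constructed stand-ins, not real SSH algorithm names.

class NoCommonAlgorithm(Exception):
    """The two name-lists share no entry, so the key exchange cannot proceed."""

WEAK = "ecdh-sha2-EXAMPLE-k163"      # stand-in for the smallest extra curve
STRONG_FIRST = [
    "ecdh-sha2-EXAMPLE-t571",        # stand-in for the largest extra curve
    "ecdh-sha2-nistp521",
    "ecdh-sha2-nistp384",
    "ecdh-sha2-nistp256",
    WEAK,
]

def negotiate(client_list, server_list):
    """Pick the first name on the client's list that the server also lists."""
    offered = set(server_list)
    for name in client_list:
        if name in offered:
            return name
    raise NoCommonAlgorithm("no algorithm in common")

def outcomes():
    """Run four client/server pairings and return what each one selects."""
    weak_first = list(reversed(STRONG_FIRST))
    no_weak = [n for n in STRONG_FIRST if n != WEAK]
    results = {
        # We are the client, peer supports everything: our first choice wins.
        "client_vs_full_server": negotiate(STRONG_FIRST, weak_first),
        # We are the client, peer only has the weak curve: fallback happens.
        "client_vs_weak_only_server": negotiate(STRONG_FIRST, [WEAK]),
        # We are the server: the client's order decides, ours is ignored.
        "server_vs_weak_first_client": negotiate(weak_first, STRONG_FIRST),
    }
    try:
        # Weak curve removed from our list: a weak-only peer is refused.
        results["no_weak_vs_weak_only_server"] = negotiate(no_weak, [WEAK])
    except NoCommonAlgorithm:
        results["no_weak_vs_weak_only_server"] = None
    return results

if __name__ == "__main__":
    for case, chosen in outcomes().items():
        print(f"{case}: {chosen}")
```

The third case is the one to check when deciding what a server should list: a server's own ordering does not affect the choice, so the only control it has over the weakest curve is whether that curve appears in its list at all.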