Open Bug 1597057 Opened 5 years ago Updated 1 year ago

Curve448 or named Ed448-Goldilocks support needed (both X448 key exchange and Ed448 signature algorithm )

Categories

(NSS :: Libraries, enhancement, P5)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: Tom25519, Unassigned, NeedInfo)

References

Details

User Agent: Mozilla/5.0 (Linux; Android 9; YAL-AL50) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36

Expected results:

Does Firefox using NSS for https? If yes, NSS seems doesn't support Ed448-Goldilocks
or named Curve448, which is providing ~224 bits security, if possible, please add the support of Curve448 whatever TLS implementation Firefox using. See also: https://en.m.wikipedia.org/wiki/Comparison_of_TLS_implementations#Supported_elliptic_curves

Elliptic Curves for Security
https://tools.ietf.org/html/rfc7748
SafeCurves: choosing safe curves for elliptic-curve cryptography
https://safecurves.cr.yp.to

Assignee: nobody → nobody
Component: Untriaged → Libraries
OS: Unspecified → All
Product: Firefox → NSS
QA Contact: jjones
Hardware: Unspecified → All
Version: unspecified → other

We'd review an implementation for this. We'd prefer a verified implementation from the HACL* project, which I believe is targeting this for use as a ciphersuite for TLS. Marking P5, would accept patches.

Priority: -- → P5
Summary: Curve448 or named Ed448-Goldilocks support needed → Curve448 or named Ed448-Goldilocks support needed (both X448 key exchange and Ed448 signature algorithm )
Severity: normal → S3

Since the current 2.4 series of GnuPG supports Ed448 and larger asymmetric key sizes are definitely needed to match AES keys >128bit, I strongly support its implementation, especially for OpenPGP in TB!

I think for now we don't have plans to support Curve448, but we might in future..

Tagging Kai for visibility.

Flags: needinfo?(kaie)
You need to log in before you can comment on or make changes to this bug.