
On Tue, Apr 12, 2016 at 03:56:45PM -0700, Rick Moen via luv-main wrote:
> Quoting Andrew McGlashan (andrew.mcglashan@affinityvision.com.au):
>
> > The NIST problem is specific to /their/ earlier recommendations; and no, I don't think you can trust NIST.
>
> For me specifically as opposed to most people here, the subversion of NIST was particularly irritating because it's funded by _my_ tax dollars. ('Their recommendations' were seemingly fed to them by No Such Agency -- and NIST had the abysmal judgement to accept same uncritically.)

Don't worry, our tax dollars haven't been used much better: http://www.adversary.org/wp/2013/09/10/australias-dsd-recommends-weak-encryp... And before anyone pipes up with "they're ASD now" like certain pedants on Twitter, they weren't when that correspondence took place in 2012 (and they were in the process of changing names in 2013 when I went public).

> > But if you stay clear of the particular NIST EC option, then other EC options are okay.
>
> Well, that's the interesting question, isn't it? It's not at all clear that such are OK. (Please see links.) Much has necessarily been cast into doubt.

There's been a *lot* of discussion of that on gnupg-users, so some selective Googling of the archives ought to answer a lot of questions. Curve25519 is already available in GPG 2.1 (and I think 2.0) for signing subkeys, but work is continuing on an equivalent encryption component.

Regards,
Ben