2020.01.15 20:35:01 (1217530648274980864) from Daniel J. Bernstein, replying to "hanno (@hanno)" (1217483731742662656):
See https://cr.yp.to/newelliptic/nistecc-20160106.pdf (from @hyperelliptic and me), which says in §1 that "unnecessary complexity in ECC implementations" creates "ECC security failures", and says in §11 that allowing run-time curve choices causes "obvious damage to implementation simplicity". Told ya so.
2020.01.15 17:26:46 (1217483273322074114) from "hanno (@hanno)":
There's something about this Windows/ECC vuln that bugs me. I had known this feature for custom curves exists. My opinion on it was "This looks like useless complexity and asking for trouble, nobody should ever implement it".
2020.01.15 17:27:19 (1217483410983346177) from "hanno (@hanno)", replying to "hanno (@hanno)" (1217483273322074114):
I am not sure if I ever wrote about this anywhere. So I can't even say "told ya so". But I'm sure this is not my private opinion, I'm sure you could ask any random person familiar with TLS and chances are they'd share that opinion.
2020.01.15 17:27:55 (1217483563345629192) from "hanno (@hanno)", replying to "hanno (@hanno)" (1217483410983346177):
Yet it seems Microsoft has implemented this relatively recently. Why? Has no one told them "this is useless complexity and asking for trouble"? And should we have done that?
2020.01.15 17:28:36 (1217483731742662656) from "hanno (@hanno)", replying to "hanno (@hanno)" (1217483563345629192):
I mean should I have written a paper "This looks like useless complexity and asking for trouble"? It would be a pretty short paper, but I could say "told ya so" now if I had written it.