Skimming over that NCSC document, it looks like they are mostly in agreement with the biggest difference being the size of RSA and FF-DHE keys. Mozilla recommends 2048 bits for both while the NCSC document recommends 3072 bits. In practice 2048 should provide sufficient security but 3072 bits is technically required to match the security of 256-bit ECC. The new Mozilla guidelines are also somewhat more aggressive about getting rid of older/weaker cryptographic algorithms. Thanks for the link to that document, BTW, it’s very well written.
- Need to disconnect ADEMCO VISTA-10SE alarm system – persistent low battery sensor beeping
- Barr declares emergency to make millions available for Alaska’s crime-fighting efforts – The Washington Post