document P256 and BoringCrypto (#865)

* document P256 and BoringCrypto Some basic descriptions of P256 and BoringCrypto added to the bottom of README.md so that their prupose is not a mystery. * typo
2023-05-09 11:24:52 -04:00 · 2023-05-09 11:24:52 -04:00 · 0707caedb4
parent bd9cc01d62
commit 0707caedb4
1 changed files with 11 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -118,6 +118,17 @@ To build nebula for a specific platform (ex, Windows):

 See the [Makefile](Makefile) for more details on build targets

+## Curve P256 and BoringCrypto
+
+The default curve used for cryptographic handshakes and signatures is Curve25519. This is the recommended setting for most users. If your deployment has certain compliance requirements, you have the option of creating your CA using `nebula-cert ca -curve P256` to use NIST Curve P256. The CA will then sign certificates using ECDSA P256, and any hosts using these certificates will use P256 for ECDH handshakes.
+
+In addition, Nebula can be built using the [BoringCrypto GOEXPERIMENT](https://github.com/golang/go/blob/go1.20/src/crypto/internal/boring/README.md) by running either of the following make targets:
+
+    make bin-boringcrypto
+    make release-boringcrypto
+
+This is not the recommended default deployment, but may be useful based on your compliance requirements.
+
 ## Credits

 Nebula was created at Slack Technologies, Inc by Nate Brown and Ryan Huber, with contributions from Oliver Fross, Alan Lam, Wade Simmons, and Lining Wang.