<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EstiloCorreo19
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:11.0pt;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ES link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>BTW, it was already opened in GitHub<o:p></o:p></span></p><p class=MsoNormal><a href="https://github.com/cabforum/servercert/issues/451"><span lang=EN-US>https://github.com/cabforum/servercert/issues/451</span></a><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>De:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Q Misell <q@as207960.net> <br><b>Enviado el:</b> lunes, 10 de junio de 2024 16:49<br><b>Para:</b> Inigo Barreira <Inigo.Barreira@sectigo.com><br><b>CC:</b> Ben Wilson <bwilson@mozilla.com>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg@cabforum.org><br><b>Asunto:</b> Re: [Servercert-wg] Ed25519 certificates<o:p></o:p></span></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><div><p class=MsoNormal>Thanks for passing that on, I'll keep a close eye on that proposal.<o:p></o:p></p><div class=MsoNormal align=center style='text-align:center'><hr size=1 width="100%" align=center></div><p><span style='font-size:9.0pt;color:#6C757D'>Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № <a href="https://find-and-update.company-information.service.gov.uk/company/12417574" target="_blank">12417574</a>, LEI 875500FXNCJPAPF3PD10. ICO register №: <a href="https://ico.org.uk/ESDWebPages/Entry/ZA782876" target="_blank">ZA782876</a>. UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca Digital, is a company registered in Estonia under № 16755226. Estonian VAT №: EE102625532. Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively. <o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Mon, 10 Jun 2024 at 15:21, Inigo Barreira <<a href="mailto:Inigo.Barreira@sectigo.com">Inigo.Barreira@sectigo.com</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:11.0pt'>FYI. TBD next week at the ETSI ESI meeting.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>Title: Proposed CR#7 on TS 119 312: Introduce EdDSA incl. its variants (Ed448 and Ed25519)</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>Source: European Commission <br><br>Abstract: ETSI TS 119 312 provides guidance on selection of cryptographic suites with particular emphasis on interoperability. The Edwards-Curve Digital Signature Algorithm (EdDSA) is a state-of-the-art algorithm for electronic signatures. It is recommended by experts in cryptography and information security and adopted in many Internet security applications and specifications. Unfortunately, the currently published version of TS 119 312 does not reference EdDSA. This change request proposes to add EdDSA as a recommended digital signature algorithm to TS 119 312. The European Commission’s eDelivery Building Block is updating its eDelivery AS4 guidelines and would like to use EdDSA as digital signature algorithm in the updated version. Addition of EdDSA to TS 119 312 would contribute to the continued broad adoption of eDelivery AS4 as an interoperable, open standards-based eDelivery solution based on state-of-the-art security.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:11.0pt'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0cm 0cm 0cm;border-color:currentcolor currentcolor'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>De:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Servercert-wg <<a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank">servercert-wg-bounces@cabforum.org</a>> <b>En nombre de </b>Ben Wilson via Servercert-wg<br><b>Enviado el:</b> sábado, 8 de junio de 2024 19:28<br><b>Para:</b> Q Misell <<a href="mailto:q@as207960.net" target="_blank">q@as207960.net</a>>; CA/B Forum Server Certificate WG Public Discussion List <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>><br><b>Asunto:</b> Re: [Servercert-wg] Ed25519 certificates</span><o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div style='border:solid black 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:12.0pt;background:#FAFA03'><span lang=EN-US style='font-size:10.0pt;font-family:"Calibri",sans-serif;color:black'>CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.</span><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US> </span><o:p></o:p></p><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>Hi Q,</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>I'm checking with the crypto team here at Mozilla and will let you know from our perspective.</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>Thanks,</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>Ben</span><o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US> </span><o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>On Sat, Jun 8, 2024 at 4:39</span><span lang=EN-US style='font-family:"Arial",sans-serif'> </span><span lang=EN-US>AM Q Misell via Servercert-wg <</span><a href="mailto:servercert-wg@cabforum.org" target="_blank"><span lang=EN-US>servercert-wg@cabforum.org</span></a><span lang=EN-US>> wrote:</span><o:p></o:p></p></div><blockquote style='border:none;border-left:solid windowtext 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>Hi all,</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US> </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>At the Tor meeting a few weeks ago I had some discussions with people asking why Ed25519 certificates are not allowed under the BR (§ 6.1.5). As far as I can tell there isn't much of a reason not to allow Ed25519 certs (if a CA wishes to support them ofc) and there were a few scenarios presented to me where Ed25519 certs would be useful in the context of Tor, which already makes heavy usage of Ed25519 keys.</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US> </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>Would there be motivation to change the rules to allow Ed25519 certs, or is there some reason I'm missing as to why they're not allowed?</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US> </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Thanks,<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Q Misell<o:p></o:p></p><div class=MsoNormal align=center style='text-align:center'><hr size=1 width="100%" align=center></div><p><span lang=EN-US style='font-size:9.0pt;color:#6C757D'>Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fe.as207960.net%2Fw4bdyj%2Fxa9BLe6P&data=05%7C02%7Cinigo.barreira%40sectigo.com%7C4b4712c830324ac756da08dc87e05a7e%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638534644894584806%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=SM171wmCTojaom3MWlX5MUZF4jlUlJmx7Zg4J2Eq6Z4%3D&reserved=0" target="_blank"><span lang=EN-US style='font-size:9.0pt'>12417574</span></a><span lang=EN-US style='font-size:9.0pt;color:#6C757D'>, LEI 875500FXNCJPAPF3PD10. </span><span style='font-size:9.0pt;color:#6C757D'>ICO register №: </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fe.as207960.net%2Fw4bdyj%2Fh2BMZREa&data=05%7C02%7Cinigo.barreira%40sectigo.com%7C4b4712c830324ac756da08dc87e05a7e%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638534644894596564%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=1Q7fzWI5%2BUpjT8xYpmD9TLF8l7LjkRL5nREqDzchD1U%3D&reserved=0" target="_blank"><span style='font-size:9.0pt'>ZA782876</span></a><span style='font-size:9.0pt;color:#6C757D'>. UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. </span><span lang=EN-US style='font-size:9.0pt;color:#6C757D'>South Korean VAT №: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca Digital, is a company registered in Estonia under № 16755226. Estonian VAT №: EE102625532. Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively. </span><o:p></o:p></p></div></div><p style='margin:0cm;line-height:0%'><img border=0 width=1 height=1 style='width:.0069in;height:.0069in' id="_x0000_i1027" src="https://e.as207960.net/img/w4bdyj/kulEk2VowWMS"><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US>_______________________________________________<br>Servercert-wg mailing list<br></span><a href="mailto:Servercert-wg@cabforum.org" target="_blank"><span lang=EN-US>Servercert-wg@cabforum.org</span></a><span lang=EN-US><br></span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C02%7Cinigo.barreira%40sectigo.com%7C4b4712c830324ac756da08dc87e05a7e%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638534644894604965%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=60ZIrZGBb1LCy%2FdotmrLTw3EUJj2S%2B9m6XNHasqXGwM%3D&reserved=0" target="_blank"><span lang=EN-US>https://lists.cabforum.org/mailman/listinfo/servercert-wg</span></a><o:p></o:p></p></blockquote></div></div></div></div></div></blockquote></div></div></body></html>