[Servercert-wg] Ed25519 in certificates

Tim Hollebeek tim.hollebeek at digicert.com
Tue Jun 25 10:41:12 MST 2019


What do people think about a ballot allowing certificates based on Ed25519?
It's widely supported, more efficient, and more resistant to side channel
attacks.  It's supported by Boring SSL and OpenSSL, as well as other popular
crypto libraries.  It's been standardized at IETF (RFC 8032), and TLS 1.3
(RFC 8446) not only supports it, but encourages its use.  Some customers
prefer non-NIST curves for various reasons.  It's already widely used for
DNSSEC . the Web PKI is falling behind, as usual.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190625/b103c0c1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190625/b103c0c1/attachment.p7s>

More information about the Servercert-wg mailing list