[Servercert-wg] [cabfpub] Interest in Ed25519 and/or Ed448?
Kurt Roeckx
kurt at roeckx.be
Thu Mar 26 06:13:30 MST 2020
On Thu, Dec 21, 2018, Phillip wrote:
> If we wait for the hardware manufacturers to deploy, they will
> wait for us and so on ad infinitum. We have a circle of ungranted
> requests. The way I see this process working is:
>
> 1. IRTF-CFRG examines, reviews and specifies algorithms
> 2. IETF-TLS specifies code points for use in TLS
> 3. CABForum approves use in WebPKI certificates
> 4. Vendors deploy

So we're more than a year later, again. The current state a year
ago was that 1), 2), and 4) are actually done. What we're still
waiting for is:

- Browsers to support it
- CABForum to allow it

I didn't see 4) as a blocker. I would be happy with an EE certificate
that uses Ed25519, assuming all certificates in the chain also
supported the 128-bit security level. But over a year ago, there
were multiple HSMs that supported Ed25519, and there currently is at
least 1 that supports Ed448.

So what really is the blocker to allow this?

Kurt