[Servercert-wg] [cabfpub] Interest in Ed25519 and/or Ed448?
Ryan Sleevi
sleevi at google.com
Thu Mar 26 08:44:48 MST 2020
On Thu, Mar 26, 2020 at 9:13 AM Kurt Roeckx via Servercert-wg <
servercert-wg at cabforum.org> wrote:
> On Thu, Dec 21, 2018, Phillip wrote:
> > If we wait for the hardware manufacturers to deploy, they will
> > wait for us and so on ad infinitum. We have a circle of ungranted
> > request. The way I see this process working is:
> >
> > 1. IRTF-CFRG examines, reviews and specifies algorithms
> > 2. IETF-TLS specifies code points for use in TLS
> > 3. CABForum approves use in WebPKI certificates
> > 4. Vendors deploy
>
> So we're more than a year later, again. The current state a year
> ago was that 1), 2), and 4) are actually done. What we're still
> waiting for is:
> - Browsers to support it
> - CABForum to allow it
>
> I didn't see 4) as a blocker. I would be happy with an EE certificate
> that uses Ed25519, assuming all certificates in the chain also
> supported the 128 bit security level. But over a year ago, there
> were multiple HSMs that supported Ed25519, and there currently is at
> least 1 that supports Ed448.
>
> So what really is the blocker to allow this?
>
It looks like you snipped some of the follow-up discussion that clarified
this. Was that intentional?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200326/deec2856/attachment-0001.html>
More information about the Servercert-wg
mailing list