On Fri, Sep 30, 2016 at 3:17 PM, Jeremy Rowley <jeremy.row...@digicert.com> wrote: > I'd like to start using EdDSA curves for customers (and push for HSM > support). This would be much easier if there weren't so many policies (that > pre-date development of the curves) preventing actual use of the tech. Any > thoughts on when/if the policy will change?
I also would like to see EdDSA signatures on certificates and certificates with subject public keys usable with EdDSA. To get there, we need several things, as described in https://cabforum.org/pipermail/public/2016-July/007974.html. EdDSA is getting there. https://tools.ietf.org/html/draft-irtf-cfrg-eddsa defines the signature algorithm. https://tools.ietf.org/html/draft-ietf-curdle-pkix-01 defines how to use it in a certificate. These need to be finalized. Then things we are missing parameter validation/requirements and key storage. It will be years before FIPS is updated to cover EdDSA (if ever), so something is going to need clarification in the CA/Browser Forum requirements. See https://cabforum.org/pipermail/public/2016-September/008481.html for an email I just sent yesterday about this. Depending on the outcome, we may be close to EdDSA for signing. Thanks, Peter -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
