I am very familiar with RSA Cryptography, but Elliptic Curve is new to me. I have been working on ECDSA support for my ACME client in anticipation of the forthcoming EC roots, and have a handful of questions. If anyone is knowledgable on these points, I would be grateful. I haven't found any good primers on EC that cover the types of information that I am looking to understand.
- LetsEncrypt Rate Limits
Does the Certificate Type factor into the DuplicateCertificate Rate limit? I assume it does not, but I wanted to check. ( Context: According to Certbot's docs, a given person might want to deploy both RSA and EC Certificates see User Guide — Certbot 1.11.0.dev0 documentation )
- One feature of our ACME-Client/CertificateManager is tracking Certificate and PrivateKey data. When dealing with only RSA keys, a simple and useful feature has been to track the modulus of Certificates and Private Keys. It has been very useful when troubleshooting deployments and configurations.
2-A. Is there anything comparable with EC keys? I have heard of people extracting the public key and fingerprinting that; and also using a tuple of the selected curve along with one of the internal payloads. I'm not sure what the reciprocal element of Certificate is. Is there a commonly accepted approach here?
2-B. What about mixed systems? It's possible for someone to use an EC Private key now, and get an RSA signed certificate. Is there any shared mapping that can be derived from these?
Thank you for your time reading this, and if you have any pointers I would be grateful for those as well.