Wanted to double check if the allow list process for ECDSA certs is still active? I submitted the google form 2 weeks ago and the only information I could find says it should take about a week to process. But I'm still waiting a couple weeks later with no response.
Was really hoping to make this switch before my next renewal.
Yes, the list is still in use. We usually deploy new entries about once a week, but that can depend on what else is going on.
Any idea for how long this list is going to be used? I have to manually copy the account directory to every new server I create. It would be nice to get ECDSA only certs directly.
We are probably going to continue through to the end of the year at least.
There's going to be more communication on this soon, but we're going to do our next set of ECDSA intermediates a bit differently, and we'll have a clearer path to general availability for them.
Please elaborate
We will have announcements soon.
Our plan is roughly to sign ecdsa intermediates with both x1 and x2, so there’s a short path to x1 (leaf, e5, x1) or a pure ecdsa chain (leaf, e5, x2) or a long chain (leaf, e5, x2, x1). Then you can choose what you want with your acme client instead of needing any opt-in changes from us.
This isn’t finalized yet but you can look at tests in the ceremony-demos repo on github if you want: Add 2023 ceremony files by pgporada · Pull Request #11 · letsencrypt/ceremony-demos · GitHub
There’s some details to sort out still, but we aren’t likely to remove the opt-in list until the new configuration is ready later this year.
Hopefully there will be an option to choose pure ecdsa only short chain since I am not interested in RSA chain.
Sounds like that is part of the plan 
How is the progress on the short chain?
There are no updates yet. We are planning to issue a pure ecdsa chain soon. Note that a ceremony to sign new intermediates requires significant coordination, paperwork, and travel, so we haven't yet scheduled it. It will be in the next few months.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.