"EC XXX bits (SHAXXXwithRSA)" versus "EC XXX bits (SHAXXXwithECDSA)"? What's the difference? Does it matter?

Huh? That doesn't make any sense to me. Again, ECDSA is not an encryption algorithm. Nothing is encrypted or decrypted with ECDSA. ECDSA is only involved in two places during the handshake:

  1. Certificate verification
  2. Proof of key possession by the server

You say that "certificate verification is negligible", so you are apparently not refering to 1. 2. is what I was saying with "only improves the server-side", as the client only verifies this proof. This is usually slightly faster for RSA, especially if no hardware acceleration is present. ECDSA can not save any CPU here, as it performs more computations, not less. It is however smaller, and therefore certificate transport and parsing may be faster - thus coming around to size reduction again.

(And just to make this absolutely unambiguous: Once the handshake has run no asymmetric algorithm is used, neither RSA nor ECDSA)

4 Likes

Thanks all for the insights

I was looking through documentation (Integration Guide - Let's Encrypt) and I saw this:

Our recommendation is to serve a dual-cert config, offering an RSA certificate by default, and a (much smaller) ECDSA certificate to those clients that indicate support.

but it says hasn't been updated since 2016.... is this still a recommendation? (also, was LetsEncrypt even issuing ECDSA in 2016? update date might be wrong?)

I tried dual-certificate on my server and it seems to be working okay, my TLS 1.2 cipher list is looking less anemic while still keeping all the scores at 100

3 Likes

I would recommend that for a normal user-facing web site, using an ECDSA certificate (without getting on the allowlist and so signed by R3) is perfectly fine, and may have some advantages over RSA.

For a web site that doesn't need to care about older Android users, or for something like a back-end API where you have control over the client, then using an ECDSA certificate with ECDSA intermediates is the way to go.

For something like an email server, where there are still a lot of weird old things out there, either stick with RSA or do a dual-cert with both an RSA and ECDSA certificate.

But that's just my opinion as a random person on the Internet; other people might have different ones.

7 Likes

You are right. I have not had coffee in the past month(!) and am getting everything confused.

4 Likes

Weird, the lastmod field is set to "2020-12-08", but for some reason the site generator doesn't use that one, but the original date?

3 Likes