ECDSA certificate not NIST/HIPAA compliant, because SERVER CERTIFICATES ARE SIGNED WITH A WRONG ALGORITHM (sha256WithRSAEncryption instead ecdsa-with-SHA256)

Ilya_indigo · September 8, 2019, 11:03am

ECDSA certificate not NIST/HIPAA compliant, SERVER CERTIFICATES ARE SIGNED WITH A WRONG ALGORITHM (sha256WithRSAEncryption instead ecdsa-with-SHA256).
https://www.immuniweb.com/ssl/?id=cRcQCUmb

Why you sha256WithRSAEncryption instead ecdsa-with-SHA256?

tdelmas · September 8, 2019, 11:09am

Let’s Encrypt only provide leaf ECDSA certificates, signed by RSA intermediates. (or leaf RSA certificates, signed by RSA intermediates)

It will provide in the future, ECDSA certificates, signed by ECDSA intermediates: https://letsencrypt.org/upcoming-features/

Ilya_indigo · September 8, 2019, 11:15am

Thank you for the quick response!
I will wait for this support!

Tell me, please, do you support the signature of ECDSA certificates created using the X25519 curve?

Osiris · September 8, 2019, 3:48pm

No, Let's Encrypt doesn't support EdDSA. Mostly, I think, because it isn't allowed by the CA/B Forum.

Topic		Replies	Views
Signature Algorithm with SHA256ECDSA Feature Requests	13	10175	April 9, 2017
TLS 1.2 and TLS 1.3 need Curve25519 and Curve448 SSL certificates Issuance Policy	14	6676	July 27, 2023
Elliptic Curve Cryptography (ECC) Support Feature Requests	200	62721	June 19, 2016
"EC XXX bits (SHAXXXwithRSA)" versus "EC XXX bits (SHAXXXwithECDSA)"? What's the difference? Does it matter? Issuance Tech	25	5775	September 4, 2022
Support Ed25519 and Ed448 Feature Requests	11	9936	December 29, 2020

ECDSA certificate not NIST/HIPAA compliant, because SERVER CERTIFICATES ARE SIGNED WITH A WRONG ALGORITHM (sha256WithRSAEncryption instead ecdsa-with-SHA256)

Related topics