Status of ECDSA allow-list processing

There are documented (implicit) reasons, such as those stated here.

Essentially, the allow-list is/was meant to keep the number of early adopters relatively small, while ECDSA is being rolled out. This enables finding potential issues, avoiding potential mass-revocation events until everything is in good condition. The chain also only unfolds its full potential after ISRG Root X2 is in trust stores, so we're waiting for that. Now ISRG Root X2 has already reached a number of trust stores*, so I expect that the allow list will be removed somewhere this year. The numbers of accounts on the list is also growing steadily, so all should be good.

*ISRG Root X2 is currently in the following root programs/trust stores:

  • Mozilla: ISRG Root X2 is included in trust stores as of Firefox 97
  • Google: The Chrome Root Store proposal was updated on 2022-02-16 and now includes ISRG Root X2. AFAIK the Chrome Root Store is not yet used in Chrome though.
  • Windows: The Microsoft Root Program includes ISRG Root X2 since last year.

(Or in other words: The two programs still missing are Apple and Oracle)

5 Likes