Support Ed25519 and Ed448


#1

I hope Let’s Encrypt could issue EdDSA certificates, as the recently published RFC Proposed Standards “Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure” and “The Transport Layer Security (TLS) Protocol Version 1.3” allow EdDSA to be the TLS authentication method.


#2

The RFC status is of course a good step in the right direction, but Let’s Encrypt is bound by the CA/B Forum Baseline Requirements, the rules a public CA needs to adhere to in order to be trusted in browsers.

In section 6.1.5. “Key Sizes” you can read about the key algorithms (and their key lengths) allowed in certificates. Currently, only RSA and ECDSA with NIST P-256, P-384, or P-521 curves are allowed. No EdDSA unfortunately.

As far as I can tell, currently there are no ballots out on adding EdDSA to the BR.


#3

Okay…Thank you.
I remembered that the CAB BR updates very quickly… I can only hope that the CAB Forum could add EdDSA in the near future.


#4

For your reference: there already exists an issue on the Boulder GitHub-page: https://github.com/letsencrypt/boulder/issues/3649

It was closed by @jsha when the RFC was still a draft; I guess policy is to not have future features open in the issues. Although I’m not sure why one wouldn’t want to keep track of stuff that probably ultimately is going to happen. Perhaps b/c of cleanliness of the issues 🙂

Chances are, Let’s Encrypt wants to wait until the BR allows EdDSA, choosing not to invest the spare development time in a feature for which it isn’t clear when or if it will become reality one day.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.


#6

#7

As DarkSpirit on GitHub points out, the IETF has standardized the OIDs for Ed25519 et al. Additional stuff that needs to happen before Let’s Encrypt can sign Ed25519 end-entity certificates:

  • Browsers need to implement it.
  • CA/Browser Forum needs to pass a ballot allowing its use.

Note that we won’t be able to generate Ed25519 intermediate certificates until / unless our HSM vendor releases firmware supporting them.