Re: [Sidrops] Signed Object signed with Ed25519 (RFC 8419 proof-of-concept)

Job Snijders <> Mon, 04 September 2023 11:26 UTC

Date: Mon, 04 Sep 2023 13:26:35 +0200
From: Job Snijders <>
To: Ties de Kock <>
Message-ID: <ZPW+682GaAFXymLo@snel>
References: <ZPS/VK+6Q8a4dHgA@snel> <>

On Mon, Sep 04, 2023 at 12:18:59PM +0200, Ties de Kock wrote:
> I proposed using ECDSA-signed objects due to the ecosystem maturity
> and provided test objects in private [0].

Which RFC specifies the parameters to use with ECDSA in CMS? I'm looking
for something along the lines of RFC 8419.

I generated a secp256k1/sha256 ASPA object, but unfortunately the
filesize reduction in semantically equivalent objects is only half that
of Ed25519. See below:

RSA EE w/ RSA CA:              1701 bytes [1]
secp256k1 w/ sha256 w/ RSA CA: 1463 bytes (attached)
Ed25519 EE w/ RSA CA:          1281 bytes [2]

Over the years ECDSA seems to be facing increasing criticism,
specifically due to the difficulty of correctly and safely implementing
the standard. As many consider this aspect of ECDSA a dangerous
primitive, ECDSA would not be my go-to choice for future work.

I'm happy to report that extending LibreSSL and OpenSSL to support use
of Ed25519 in CMS is a trivial patch (as both libraries already
supported Ed25519 signing & verification operations).

Support for Ed25519 in HSMs indeed remains an open question. Perhaps now
that the algorithm is FIPS-approved more HSM vendors will feel
comfortable adding it to their roadmaps? Thank you for sharing that
Bouncy Castle still needs some work, it's good to identify such gaps.

Kind regards,



ps. Your test object threw errors: 'RSYNC://' != 'Rsync://' in the SIA.
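The byte counts in the table above are whole signed objects, so they fold in the EE certificate, the signed attributes and the ASPA payload. The following added example (not code from the thread or from any of the projects it mentions) isolates the three encoding-level pieces that actually change when the EE key algorithm changes: the SubjectPublicKeyInfo in the EE certificate, and the signatureAlgorithm plus signature fields of the CMS SignerInfo. It assumes RSA-2048 with sha256WithRSAEncryption (RFC 7935), ecdsa-with-SHA256 with absent parameters (RFC 5754), and id-Ed25519 with absent parameters (RFC 8419), and encodes them with a minimal DER writer so it runs with the standard library only. Key and signature values are constructed placeholders of the right bit length; the CA's RSA signature over the EE certificate is unchanged in all three cases and is therefore not counted. The numbers do not reproduce the posted object sizes, they only show where the savings come from and why ECDSA's DER-wrapped (r, s) signature and named-curve parameters give up fewer bytes than Ed25519's raw 64-byte signature and parameter-free AlgorithmIdentifier.

```python
"""DER size accounting for the parts of an RPKI signed object that change
with the EE key algorithm (RSA vs ECDSA vs Ed25519). Added example, not
taken from the mailing-list thread; key/signature bytes are constructed."""


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content


def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed, then base-128 with continuation bits."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return der_tlv(0x06, bytes(out))


def der_uint(value: int) -> bytes:
    """Non-negative INTEGER; a leading 0x00 is required when the top bit is set."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return der_tlv(0x02, body)


def der_seq(*items: bytes) -> bytes:
    return der_tlv(0x30, b"".join(items))


def der_bitstring(data: bytes) -> bytes:
    return der_tlv(0x03, b"\x00" + data)  # zero unused bits


def der_octets(data: bytes) -> bytes:
    return der_tlv(0x04, data)


DER_NULL = b"\x05\x00"

# --- SubjectPublicKeyInfo of the EE certificate ---------------------------

def spki_rsa(modulus_bits: int = 2048, e: int = 65537) -> bytes:
    n = (1 << (modulus_bits - 1)) | 1          # constructed modulus, top bit set
    alg = der_seq(der_oid("1.2.840.113549.1.1.1"), DER_NULL)  # rsaEncryption, NULL params
    return der_seq(alg, der_bitstring(der_seq(der_uint(n), der_uint(e))))


def spki_ec(curve_oid: str) -> bytes:
    point = b"\x04" + b"\x11" * 64             # constructed uncompressed point, 256-bit curve
    alg = der_seq(der_oid("1.2.840.10045.2.1"), der_oid(curve_oid))  # id-ecPublicKey + namedCurve
    return der_seq(alg, der_bitstring(point))


def spki_ed25519() -> bytes:
    alg = der_seq(der_oid("1.3.101.112"))      # id-Ed25519, parameters absent (RFC 8410)
    return der_seq(alg, der_bitstring(b"\x22" * 32))


# --- signatureAlgorithm + signature fields of the CMS SignerInfo ----------

def signerinfo_sig_rsa() -> bytes:
    alg = der_seq(der_oid("1.2.840.113549.1.1.11"), DER_NULL)  # sha256WithRSAEncryption
    return alg + der_octets(b"\x33" * 256)     # constructed 2048-bit PKCS#1 v1.5 signature


def signerinfo_sig_ecdsa(r: int, s: int) -> bytes:
    alg = der_seq(der_oid("1.2.840.10045.4.3.2"))  # ecdsa-with-SHA256, parameters absent
    return alg + der_octets(der_seq(der_uint(r), der_uint(s)))  # DER Ecdsa-Sig-Value


def signerinfo_sig_ed25519() -> bytes:
    alg = der_seq(der_oid("1.3.101.112"))      # id-Ed25519, parameters absent (RFC 8419)
    return alg + der_octets(b"\x44" * 64)      # raw 64-byte signature, no DER inside


def size_report() -> dict:
    """Bytes spent per algorithm on SPKI + SignerInfo signature fields.
    ECDSA is reported at its worst case (both r and s need a leading 0x00)."""
    worst = (1 << 255) | 1
    return {
        "rsa-2048": len(spki_rsa()) + len(signerinfo_sig_rsa()),
        "ecdsa-p256": len(spki_ec("1.2.840.10045.3.1.7")) + len(signerinfo_sig_ecdsa(worst, worst)),
        "ecdsa-secp256k1": len(spki_ec("1.3.132.0.10")) + len(signerinfo_sig_ecdsa(worst, worst)),
        "ed25519": len(spki_ed25519()) + len(signerinfo_sig_ed25519()),
    }


if __name__ == "__main__":
    for name, total in size_report().items():
        print(f"{name:16s} {total:4d} bytes")
```

The ECDSA signature length is not fixed: `der_uint` adds a leading zero whenever r or s has its top bit set, so the same key produces 70-, 71- or 72-byte Ecdsa-Sig-Value encodings from one signing to the next, which is also why a verifier must not hard-code the signature length. Ed25519 has no such variability: the signature is always exactly 64 bytes and the AlgorithmIdentifier carries no parameters.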