[TLS] Strawman on EdDSA/Ed25519 in TLS

Simon Josefsson <simon@josefsson.org> Wed, 20 May 2015 17:15 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/293yIgm-FHlPVyVuJxXkQvfPFx4>

Dear WG,

Support for EdDSA/Ed25519 in TLS has been suggested a couple of times.
I have started to work on an I-D to describe more precisely what that
would actually mean, and here is an initial strawman document:


I'm confident I missed some major pieces of the puzzle, but feedback and
review is welcome so the document can be improved into something that
can be implemented and interoperate.

Until the main parts have been fleshed out please email me directly and
I'll try to do the best I can to merge feedback into the document.  If
the WG chairs permit, that discussion could also be done on this list.
The best form of feedback would be in the form of merge requests or a
clearly described issue in the issue tracker.  Please see:


One aspect I'm aware of is that there is no OID allocated nor
specification of PKIX certificates with EdDSA/Ed25519 public keys.  I'm
not sure the above document is the right place for doing that though,
and more thinking around this topic is especially appreciated.