[TLS] Updated EdDSA/Ed25519 PKIX document

Simon Josefsson <simon@josefsson.org> Wed, 23 September 2015 08:33 UTC

To: pkix@ietf.org, tls@ietf.org

Hi all,

I have pushed out a new version of the document describing EdDSA public
keys, signatures and certificates for PKIX.  The changes in -03 include
the addition of the prehash mode, test vectors generated by GnuTLS, and
a section recommending certain human readable names.

https://tools.ietf.org/html/draft-josefsson-pkix-eddsa-03

I've started a thread to discuss whether it is worthwhile to be able to
use the same Ed25519 key for both PureEdDSA mode and HashEdDSA signing,
and I'd appreciate feedback on whether people are interested in this and
generally if it is a good idea or not.  The complexity involved makes me
shy away a bit from it, but it is fun to consider.  The thread is here:
https://moderncrypto.org/mail-archive/curves/2015/000630.html

/Simon