Re: [TLS] Updated EdDSA in TLS drafts

Simon Josefsson <> Tue, 16 June 2015 10:02 UTC

In-Reply-To: <> (Simon Josefsson's message of "Tue, 09 Jun 2015 10:36:53 +0200")

Hi.  The discussion about Curve25519 and ECPointFormat made me realize
that the same appears to apply to Ed25519.  So I have removed the
ECPointFormat registration and let the document say "use uncompressed".
Here is an updated document:

Anyone disagreeing with this, and would like to see an EdDSA
ECPointFormat for some reason?  Why?

Come to think of it, maybe the SignatureAlgorithm registration for eddsa
is unnecessary too, and we can overload the ecdsa value.  The NamedCurve
value "ed25519" should signal support for EdDSA anyway.

More review whether the draft would actually work for different TLS
versions (1.3 included) is appreciated.