Damien Miller <djm@xxxxxxxxxxx> writes:

> On Thu, 8 Oct 2015, Douglas E Engert wrote:
>
>> Then what is:
>> 1.3.6.1.4.1.11591.15.1 Ed25519
>>
>> defined here:
>> https://www.gnu.org/prep/standards/html_node/OID-Allocations.html
>>
>> The whole idea of namedCurve was you did not have to pass in the parameters,
>> and PKIX certificates only allow namedCurve.
>
> Ed25519 is a different algorithm to ECDSA, not just a different curve.

Still it might work anyway. We noticed this with TLS and PKIX. While
EdDSA is different from "normal" ECDSA, by using a namedCurve value
corresponding to Ed25519 you tell implementations you really mean EdDSA.
This is usually enough. Then EdDSA can be used in the already existing
ECDSA umbrella. Of course, it has to be implemented and tested to iron
out any problems.

/Simon
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev