On Wed, May 30, 2018 at 12:56 PM, Salz, Rich <[email protected]> wrote:
> > - Well, we have a fair bit of experience of a lot of people talking to > Let's Encrypt. That's not really the same as a lot of servers and a lot of > clients. > > > > We have multiple CA’s that support it, and other implementations as well. > Certainly LE dominates, but it’s not the only usage. And certainly not the > only anticipated future usage. > Right. And the purpose of the MTI is usually to make future interop work better. > > > - I would match the TLS ones: MUST ECDSA with P-256, SHOULD EdDSA with > X25519. > > > > That would make the MTI limited to a subset of the WebPKI supported by the > latest browsers, which seems wrong. But let’s not bikeshed too much and > see what the WG consensus is. > I'm not following your point here. Remember, I'm not talking about the MTI for what the *certs* contain, but rather for what the protocol uses for its in-protocol signatures. There's no reason you can't use an ECDSA key to authorize issuance of an RSA cert (Which would presumably be in a self-signed PKCS#10 blob with RSA), or for that matter, an XMSS cert. The reason I chose those values is because you're already tied to TLS for the communications and therefore you necessarily have the TLS MTI cipher suites, which means you already have those algorithms. -Ekr >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
