Ondřej Surý <ondrej.s...@nic.cz> writes: > Dear colleagues, > > a new EdDSA for DNSSEC draft has been posted in CURDLE WG and is in > need of more reviewers ;). > > I merged Ed25519 and Ed448 drafts into one, removed reasoning why > EdDSA is superior for RFC and I-D in Normative references (thanks goes > to Paul Hoffman's review), and introduced using Signature Context[1] > in the signatures (thanks dkg for introducing me this idea) <-- this > one needs more work, because using Context is defined just for Ed448 > and we want to have it also for Ed25519.
Thank you for this work! I suggest to add text repeating the established best practice to not re-use keys for different purposes -- that solves the cross-protocol/domain problem better than contexts in my opinion. There may not be harm of using Ed448's contexts in your draft, but it sets an example that doing so is good enough to protect against that generic class of attacks when it isn't (see DJB's post on CFRG explaining how it isn't sufficient). /Simon
signature.asc
Description: PGP signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
