On Mon, Jul 20, 2015 at 12:55:37PM +0200, Hubert Kario wrote: > On Tuesday 14 July 2015 17:23:44 Simon Josefsson wrote: > > > > Compare how we "reuse" the ECDHE ciphersuite values to refer to > > Curve25519 (instead of defining new ciphersuites for Curve25519), and > > how we are "reusing" the "uncompressed" code point to refer to > > Curve25519-compressed code points (instead of defining new > > ECPointFormat). > > the point is, that if Ed25519 for signatures is defined, an implementation > that doesn't understand it[1] can't advertise that fact
Are you thinking about 1.0/1.1? In 1.2 it can: signature_algorithms (I'm not confident new signature algorithm would work without either that nor new ciphersuites). There are other shortcomings tho: - If Ed25519 is supported, one also needs to support Curve25519. - If Ed25519 and Curve448 are supported, one needs to support Curve25519 and Ed448. - And the cross case from previous. So with the same, in TLS 1.2, the following combinations would be possible: - None at all. - Curve25519 - Curve448 - Curve25519 & Curve448 - Curve25519 & Ed25519 - Curve448 & Ed448 - Curve25519 & Curve448 & Ed25519 & Ed448. -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
