Hi Yaron,

[snipped]

> Do you want to say anything about EdDSA and the kerfuffle going on in
> cfrg@ mailing list right now?  No is a good, and probably sane, answer.
>
> No. We discussed it briefly and although we added 25519 for the ECDH
> key exchange, we are not recommending (or even discussing) the use of
> EdDSA for signatures or certs. So there's nowhere to even include such
> a comment.

The discussion in CFRG was not about EdDSA specifically, but about fault
attacks on other deterministic signature schemes, including deterministic
ECDSA. The draft currently recommends using deterministic ECDSA (as
specified in RFC 6979) over the classic one, so we seem to explicitly
recommend what cryptographers express concerns about.

On the other hand, it seems to me that "fault attacks" are outside the
Dolev-Yao model, so I'm not sure how relevant their concerns are in the
context of the draft.

Regards,
Valery.

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
