RFR CSR: JDK-8254709 (Support for EdDSA signature scheme in JSSE)

Xuelei Fan xuelei.fan at oracle.com
Wed Oct 21 22:13:56 UTC 2020


On 10/21/2020 1:01 PM, Jamil Nimeh wrote:
>> I'm not very sure why EdDSA cannot apply to ServerKeyExchange and 
>> CertificateVerify in TLS 1.0 and 1.1. ServerKeyExchange and 
>> CertificateVerify are used to authenticate the server's or the client's 
>> possession of the private key of the cert.  So if EdDSA cannot be used 
>> for them, the EdDSA certificate should not be selected for TLS 1.0/1.1 
>> as well.  I did not read the RFC fully yet; it looks like EdDSA 
>> can be used for TLS 1.0/1.1 ServerKeyExchange and CertificateVerify as 
>> well.  I may be missing something.
> JN: So far I have yet to find a server implementation that will accept a 
> 1.0/1.1 client hello with no signature_algorithms extension and not 
> barf.
It's OK if we don't want to support EdDSA for TLS 1.0/1.1 for some 
reason, although I would prefer to support it for better interoperability.

I did not get the idea of the CSR.  It may be nice to have an explicit 
statement that we don't support certificates with EdDSA-capable public keys 
for TLS 1.0 and 1.1.

Xuelei
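The interoperability point under discussion is that a TLS 1.0/1.1 ClientHello carries no signature_algorithms extension, so a server holding an EdDSA certificate has no evidence the peer can verify an EdDSA signature. The following is an added illustration written for this page, not code from the JDK or JSSE: it parses a ClientHello handshake message, extracts the offered SignatureScheme values, and applies a conservative server-side selection rule that only allows an EdDSA certificate when ed25519 (0x0807) or ed448 (0x0808) was explicitly advertised. The sample hellos are constructed inline (all-zero random, one cipher suite); `build_client_hello`, `parse_client_hello` and `eddsa_certificate_usable` are names chosen here and are not JSSE APIs.

```python
import struct

SIGNATURE_ALGORITHMS_EXT = 0x000D          # extension type "signature_algorithms"
ED25519, ED448 = 0x0807, 0x0808            # SignatureScheme code points (RFC 8446)
EDDSA_SCHEMES = {ED25519, ED448}
TLS10, TLS11, TLS12 = 0x0301, 0x0302, 0x0303


def build_client_hello(version, sig_schemes=None):
    """Construct a minimal ClientHello handshake message (no record header).
    sig_schemes=None omits the extensions block entirely, which is what a
    TLS 1.0/1.1 client sends.  Sample values are constructed for this example."""
    body = struct.pack("!H", version)
    body += bytes(32)                             # client random (constructed, all zero)
    body += b"\x00"                               # empty session_id
    body += struct.pack("!H", 2) + b"\x00\x2f"    # one cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                           # compression methods: null only
    if sig_schemes is not None:
        algs = b"".join(struct.pack("!H", s) for s in sig_schemes)
        ext_data = struct.pack("!H", len(algs)) + algs
        ext = struct.pack("!HH", SIGNATURE_ALGORITHMS_EXT, len(ext_data)) + ext_data
        body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = client_hello


def parse_client_hello(msg):
    """Parse a ClientHello handshake message.  Returns the client_version and the
    offered SignatureScheme list, or None for the list when the extension is absent."""
    if not msg or msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ClientHello")
    pos = 0
    version = struct.unpack_from("!H", body, pos)[0]
    pos += 2 + 32                                 # client_version + random
    sid_len = body[pos]
    pos += 1 + sid_len                            # session_id
    cs_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2 + cs_len                             # cipher_suites
    cm_len = body[pos]
    pos += 1 + cm_len                             # compression_methods
    sig_schemes = None
    if pos < len(body):                           # extensions block is optional
        ext_len = struct.unpack_from("!H", body, pos)[0]
        pos += 2
        end = pos + ext_len
        if end > len(body):
            raise ValueError("extensions length exceeds message")
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype == SIGNATURE_ALGORITHMS_EXT:
                n = struct.unpack_from("!H", edata, 0)[0]
                sig_schemes = [struct.unpack_from("!H", edata, 2 + i)[0]
                               for i in range(0, n, 2)]
    return {"version": version, "sig_schemes": sig_schemes}


def eddsa_certificate_usable(hello):
    """Conservative selection rule: pick an EdDSA certificate only when the client
    explicitly advertised an EdDSA SignatureScheme.  A hello without the extension
    (every TLS 1.0/1.1 hello) gives no such evidence, so the answer is False."""
    schemes = hello["sig_schemes"]
    return schemes is not None and bool(EDDSA_SCHEMES & set(schemes))


if __name__ == "__main__":
    for label, msg in [
        ("TLS 1.0, no extensions", build_client_hello(TLS10)),
        ("TLS 1.2, rsa_pkcs1_sha256 only", build_client_hello(TLS12, [0x0401])),
        ("TLS 1.2, ed25519 offered", build_client_hello(TLS12, [0x0401, ED25519])),
    ]:
        hello = parse_client_hello(msg)
        print(f"{label}: sig_schemes={hello['sig_schemes']} "
              f"eddsa_cert_ok={eddsa_certificate_usable(hello)}")
```

The rule encodes the position taken in the thread: without the extension there is nothing to key the decision on, so a server that insists on EdDSA for pre-1.2 clients should expect handshake failures rather than silent downgrades.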