RFR CSR: JDK-8254709 (Support for EdDSA signature scheme in JSSE)
Xuelei Fan
xuelei.fan at oracle.com
Wed Oct 21 22:13:56 UTC 2020
On 10/21/2020 1:01 PM, Jamil Nimeh wrote:
>> I'm not very sure why EdDSA cannot apply to ServerKeyExchange and
>> CertificateVerify in TLS 1.0 and 1.1. ServerKeyExchange and
>> CertificateVerify are used to authenticate the server or the client's
>> possession of the private key of the cert. So if EdDSA cannot be used
>> for them, the EdDSA certificate should not be selected for TLS 1.0/1.1
>> as well. I did not read the RFC fully yet, it looks like that EdDSA
>> can be used for TLS 1.0/1.1 ServerKeyExchange and CertificateVerify as
>> well. I may miss something.
> JN: So far I have yet to find a server implementation that will accept a
> 1.0/1.1 client hello with no signature_algorithms extension and not
> barf.
It's OK if we don't want to support EdDSA for TLS 1.0/1.1 for some
reason, although I would prefer to support it for better interoperability.
I did not get the idea of the CSR. It may be nice to have an explicit
statement that we don't support certificates of EdDSA-capable public key
for TLS 1.0 and 1.1.
Xuelei