
X25519 has seen broad adoption (in the key exchange). Ed25519 has not; you can't actually use an Ed25519 certificate on the web. It's in a deadlock between CAs, browsers and TPM manufacturers (and to some extent NIST, because Ed25519 has not been approved by them).

It's not being blocked per se, you can use it mostly (98%) without any issues. Though things like Amazon SES incorrectly reject letters with multiple signatures. Google and Microsoft can't validate them when receiving. It's more that a few common implementations lack the support for them so you can't use _just_ Ed25519.



> (and to some extent NIST, because Ed25519 has not been approved by them).

Ed25519 (and Ed448) have been approved for use in FIPS 186-5 as of February 2023:

* https://en.wikipedia.org/wiki/EdDSA#Standardization_and_impl...


Oh, great to know. That gives me hope that we'll see Ed25519 certificates at some point then.


The CABForum just updated its guidelines (in December) and elliptic curve wise only NIST P-256, NIST P-384 and NIST P-521 are accepted. (See https://cabforum.org/working-groups/server/baseline-requirements/requirements/#615-key-sizes)

So on the general web it seems remote at best.


> The CABForum just updated its guidelines (in December) and elliptic curve wise only NIST P-256, NIST P-384 and NIST P-521 are accepted.

NIST P-curve certs were acceptable per the Base Requirements all the way back in 2012:

* https://cabforum.org/uploads/Baseline_Requirements_V1_1.pdf

See "Appendix A - Cryptographic Algorithm and Key Requirements (Normative)", (3) Subscriber Certificates.


I'm well aware I should have added a "still" in the sentence somewhere. All efforts to have Ed25519 on the general web seem to run out of steam, we can find https://www.ietf.org/archive/id/draft-moskowitz-eddsa-pki-06... IETF side, https://lists.cabforum.org/pipermail/servercert-wg/2024-June... is the last discussion CABforum side.

Ed25519 certs do work with TLS (OpenSSL support at least), but without browser adoption it's machine to machine with private CA only.



