FYI. TBD next week at the ETSI ESI meeting.
Title: Proposed CR#7 on TS 119 312: Introduce EdDSA incl. its variants (Ed448 and Ed25519) Source: European Commission Abstract: ETSI TS 119 312 provides guidance on selection of cryptographic suites with particular emphasis on interoperability. The Edwards-Curve Digital Signature Algorithm (EdDSA) is a state-of-the-art algorithm for electronic signatures. It is recommended by experts in cryptography and information security and adopted in many Internet security applications and specifications. Unfortunately, the currently published version of TS 119 312 does not reference EdDSA. This change request proposes to add EdDSA as a recommended digital signature algorithm to TS 119 312. The European Commission’s eDelivery Building Block is updating its eDelivery AS4 guidelines and would like to use EdDSA as digital signature algorithm in the updated version. Addition of EdDSA to TS 119 312 would contribute to the continued broad adoption of eDelivery AS4 as an interoperable, open standards-based eDelivery solution based on state-of-the-art security. De: Servercert-wg <servercert-wg-boun...@cabforum.org> En nombre de Ben Wilson via Servercert-wg Enviado el: sábado, 8 de junio de 2024 19:28 Para: Q Misell <q...@as207960.net>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg@cabforum.org> Asunto: Re: [Servercert-wg] Ed25519 certificates CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi Q, I'm checking with the crypto team here at Mozilla and will let you know from our perspective. Thanks, Ben On Sat, Jun 8, 2024 at 4:39 AM Q Misell via Servercert-wg < <mailto:servercert-wg@cabforum.org> servercert-wg@cabforum.org> wrote: Hi all, At the Tor meeting a few weeks ago I had some discussions with people asking why Ed25519 certificates are not allowed under the BR (§ 6.1.5). As far as I can tell there isn't much of a reason not to allow Ed25519 certs (if a CA wishes to support them ofc) and there were a few scenarios presented to me where Ed25519 certs would be useful in the context of Tor, which already makes heavy usage of Ed25519 keys. Would there be motivation to change the rules to allow Ed25519 certs, or is there some reason I'm missing as to why they're not allowed? Thanks, Q Misell _____ Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fe.as207960.net%2Fw4bdyj%2Fxa9BLe6P&data=05%7C02%7Cinigo.barreira%40sectigo.com%7C4b4712c830324ac756da08dc87e05a7e%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638534644894584806%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=SM171wmCTojaom3MWlX5MUZF4jlUlJmx7Zg4J2Eq6Z4%3D&reserved=0> 12417574, LEI 875500FXNCJPAPF3PD10. ICO register №: <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fe.as207960.net%2Fw4bdyj%2Fh2BMZREa&data=05%7C02%7Cinigo.barreira%40sectigo.com%7C4b4712c830324ac756da08dc87e05a7e%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638534644894596564%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=1Q7fzWI5%2BUpjT8xYpmD9TLF8l7LjkRL5nREqDzchD1U%3D&reserved=0> ZA782876. UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca Digital, is a company registered in Estonia under № 16755226. Estonian VAT №: EE102625532. Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively. <https://e.as207960.net/img/w4bdyj/kulEk2VowWMS> _______________________________________________ Servercert-wg mailing list <mailto:Servercert-wg@cabforum.org> Servercert-wg@cabforum.org <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C02%7Cinigo.barreira%40sectigo.com%7C4b4712c830324ac756da08dc87e05a7e%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638534644894604965%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=60ZIrZGBb1LCy%2FdotmrLTw3EUJj2S%2B9m6XNHasqXGwM%3D&reserved=0> https://lists.cabforum.org/mailman/listinfo/servercert-wg
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
