Re: Importance of ECDSA for TLS (was: PSS for TLS 1.3)
Paterson, Kenny <Kenny.Paterson <at> rhul.ac.uk>
2015-03-27 16:10:44 GMT
On 24/03/2015 12:11, "Ilari Liusvaara" <ilari.liusvaara <at> elisanet.fi> wrote:
>On Mon, Mar 23, 2015 at 07:42:26PM +0000, Paterson, Kenny wrote:
>> Just a quick heads-up with my CFRG hat on. We should soon be making a
>> start over there on defining signature schemes for use with the curves
>> that we have now selected; our DH deliberations are nearing completion.
>> One quick question for this group: how important is it to you to have
>> ECDSA - or something very close to it (e.g. a derandomised version) -
>> TLS use, and how much appetite is there for adopting schemes that
>> more significantly from ECDSA (e.g. EdDSA)?
>My personal view (I have also looked at what this would take):
>Not important, I would very much like a modern signature system (esp.
Thanks for this feedback. This was also the view at the CFRG meeting this
week in Dallas, but we will take it to the CFRG list for further
discussion in the near future.
>But I would want:
>- Both curves usable in the same signature framework.
>- Only use common hash function propeties for both curves, especially
> for verification interop.