GoogleChrome / CertificateTransparency

Apache License 2.0

Define accepted log public keys #25

Open sleevi opened 4 years ago

sleevi commented 4 years ago

The Chromium implementation of CT is limited in support of public keys to the set of public keys it accepts for the Web PKI:

The Chromium implementation does not explicitly support Curve25519, although it could, and does not support other forms of EC keys.

devonobrien commented 4 years ago

We also need to check what key algs our compliance monitoring infrastructure supports to provide the minimal set of supportable key types.

devonobrien commented 4 years ago

Also, of note is Section 2.1.4 of RFC 6962 which states:

> Various data structures are signed. A log MUST use either elliptic curve signatures using the NIST P-256 curve (Section D.1.2.3 of the Digital Signature Standard [DSS]) or RSA signatures (RSASSA-PKCS1-V1_5 with SHA-256, Section 8.2 of [RFC3447]) using a key of at least 2048 bits.
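The RFC 6962 rule quoted above, applied to a log's public key as it appears in a log list (a base64-encoded DER SubjectPublicKeyInfo), as an added example. This is not code from the issue participants or from the CertificateTransparency project; it is stdlib-only Python that parses just enough DER to tell a named-curve EC key from an RSA key, and then accepts only P-256 or RSA with a modulus of at least 2048 bits. The fixtures are constructed: the EC key is the P-256 generator point rather than a real log key, and the RSA moduli are synthetic numbers of the right bit length, not products of primes. The tiny DER encoder at the bottom exists only to build those fixtures.

```python
"""Classify a CT log public key (DER SubjectPublicKeyInfo, as carried base64-encoded
in a log list) against the RFC 6962 section 2.1.4 rule: ECDSA on P-256, or RSA with a
modulus of at least 2048 bits.  Stdlib only; nothing here validates signatures."""
import base64

# DER-encoded OID contents (no tag/length)
OID_RSA  = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
OID_EC   = bytes.fromhex("2a8648ce3d0201")      # 1.2.840.10045.2.1 id-ecPublicKey
OID_P256 = bytes.fromhex("2a8648ce3d030107")    # 1.2.840.10045.3.1.7 prime256v1 (P-256)
OID_P384 = bytes.fromhex("2b81040022")          # 1.3.132.0.34 secp384r1, not permitted by RFC 6962

def _tlv(buf, pos):
    """Read one DER TLV at buf[pos]; return (tag, contents, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next (length & 0x7f) bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def describe_spki(der):
    """Return ("rsa", modulus_bits), ("ec", curve_oid_bytes or None) or ("unknown", alg_oid)."""
    tag, spki, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, alg_id, pos = _tlv(spki, 0)                 # AlgorithmIdentifier
    _, alg_oid, p = _tlv(alg_id, 0)                # algorithm OBJECT IDENTIFIER
    params = alg_id[p:]                            # NULL for RSA, named-curve OID for EC
    tag, bitstr, _ = _tlv(spki, pos)               # subjectPublicKey BIT STRING
    if tag != 0x03:
        raise ValueError("subjectPublicKey must be a BIT STRING")
    key = bitstr[1:]                               # drop the unused-bits count byte
    if alg_oid == OID_RSA:
        _, rsa_pub, _ = _tlv(key, 0)               # RSAPublicKey ::= SEQUENCE { n, e }
        _, n, _ = _tlv(rsa_pub, 0)
        return ("rsa", int.from_bytes(n, "big").bit_length())
    if alg_oid == OID_EC:
        if not params or params[0] != 0x06:        # explicit or implicit curve params: not a named curve
            return ("ec", None)
        _, curve, _ = _tlv(params, 0)
        return ("ec", curve)
    return ("unknown", alg_oid)

def is_rfc6962_log_key(der):
    """RFC 6962 2.1.4: P-256 ECDSA, or RSA with at least a 2048-bit modulus."""
    kind, detail = describe_spki(der)
    if kind == "ec":
        return detail == OID_P256
    if kind == "rsa":
        return detail >= 2048
    return False

def check_log_list_key(b64_key):
    """Apply the rule to a base64 SPKI string as found in a log list entry's key field."""
    return is_rfc6962_log_key(base64.b64decode(b64_key))

def spki_to_log_list_key(der):
    return base64.b64encode(der).decode("ascii")

# --- Minimal DER encoder, used only to build the constructed fixtures below ----
def _der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def _der_int(i):
    b = i.to_bytes(max(1, (i.bit_length() + 7) // 8), "big")
    if b[0] & 0x80:
        b = b"\x00" + b                           # keep the INTEGER positive
    return _der(0x02, b)

def rsa_spki(modulus, exponent=65537):
    alg = _der(0x30, _der(0x06, OID_RSA) + b"\x05\x00")
    pub = _der(0x30, _der_int(modulus) + _der_int(exponent))
    return _der(0x30, alg + _der(0x03, b"\x00" + pub))

def ec_spki(curve_oid, point):
    alg = _der(0x30, _der(0x06, OID_EC) + _der(0x06, curve_oid))
    return _der(0x30, alg + _der(0x03, b"\x00" + point))

# Constructed fixtures, not real log keys: the uncompressed P-256 generator point as the EC
# key, a zero-filled point for P-384, and odd moduli with the top bit set for RSA.
P256_GENERATOR = bytes.fromhex(
    "04" "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"
         "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")
FIXTURES = {
    "ec-p256":  ec_spki(OID_P256, P256_GENERATOR),
    "ec-p384":  ec_spki(OID_P384, b"\x04" + b"\x00" * 96),
    "rsa-2048": rsa_spki((1 << 2047) | 1),
    "rsa-1024": rsa_spki((1 << 1023) | 1),
}

if __name__ == "__main__":
    for name, der in FIXTURES.items():
        print(f"{name:8s} {describe_spki(der)[0]:4s} accepted={is_rfc6962_log_key(der)}")
```

Only the two fixtures the RFC permits (P-256 and RSA-2048) come back accepted; the P-384 and RSA-1024 keys are rejected, as is any EC key whose parameters are not a named-curve OID. The check deliberately stops at key type and size: whether a given client also accepts the key for signature verification, as the Chromium discussion above is about, is a separate question.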