Open sleevi opened 4 years ago
We also need to check what key algs our compliance monitoring infrastructure supports to provide the minimal set of supportable key types.
Also, of note is Section 2.1.4 of RFC 6962 which states:
> Various data structures are signed. A log MUST use either elliptic curve signatures using the NIST P-256 curve (Section D.1.2.3 of the Digital Signature Standard [DSS]) or RSA signatures (RSASSA-PKCS1-V1_5 with SHA-256, Section 8.2 of [RFC3447]) using a key of at least 2048 bits.
The Chromium implementation of CT is limited in support of public keys to the set of public keys it accepts for the Web PKI:
The Chromium implementation does not explicitly support Curve25519, although it could, and does not support other forms of EC keys.
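The key constraint quoted above from RFC 6962 Section 2.1.4, as an added example that is not part of this thread and is not Chromium's or any monitor's code: a standard-library Python check that classifies a DER-encoded SubjectPublicKeyInfo as P-256, RSA of at least 2048 bits, or not allowed. The function names, the `tlv`/`rsa_spki` sample builders and the sample keys are assumptions constructed for illustration; the key bytes are placeholders, not real keys.

```python
OID_EC = bytes.fromhex("2a8648ce3d0201")         # id-ecPublicKey
OID_P256 = bytes.fromhex("2a8648ce3d030107")     # prime256v1 (NIST P-256)
OID_RSA = bytes.fromhex("2a864886f70d010101")    # rsaEncryption
OID_ED25519 = bytes.fromhex("2b6570")            # id-Ed25519, used only for a sample

def read_tlv(buf, pos, tag):
    """Return (value, next_pos) of the DER element at pos, or raise ValueError."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def check_log_key(spki_der):
    """Return (allowed, reason). Checks key type and size only, not key validity."""
    try:
        spki, _ = read_tlv(spki_der, 0, 0x30)
        alg, pos = read_tlv(spki, 0, 0x30)
        oid, params_pos = read_tlv(alg, 0, 0x06)
        bits, _ = read_tlv(spki, pos, 0x03)
        if oid == OID_EC:
            curve, _ = read_tlv(alg, params_pos, 0x06)   # named curve expected
            return (True, "ECDSA P-256") if curve == OID_P256 else (False, "EC curve other than P-256")
        if oid == OID_RSA:
            rsa_key, _ = read_tlv(bits, 1, 0x30)         # skip the unused-bits octet
            modulus, _ = read_tlv(rsa_key, 0, 0x02)
            size = int.from_bytes(modulus, "big").bit_length()
            return (size >= 2048, f"RSA {size}-bit")
        return (False, "algorithm not listed in RFC 6962 section 2.1.4")
    except ValueError as exc:
        return (False, f"malformed key: {exc}")

def tlv(tag, value):  # minimal DER encoder, used only to build the samples below
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def rsa_spki(bits):   # constructed RSA key: top and bottom modulus bits set, e = 65537
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    key = tlv(0x30, tlv(0x02, modulus) + tlv(0x02, b"\x01\x00\x01"))
    return tlv(0x30, tlv(0x30, tlv(0x06, OID_RSA) + tlv(0x05, b"")) + tlv(0x03, b"\x00" + key))

# Constructed samples: placeholder key bytes, correct algorithm identifiers.
SAMPLE_P256 = tlv(0x30, tlv(0x30, tlv(0x06, OID_EC) + tlv(0x06, OID_P256)) + tlv(0x03, b"\x00\x04" + bytes(64)))
SAMPLE_ED25519 = tlv(0x30, tlv(0x30, tlv(0x06, OID_ED25519)) + tlv(0x03, b"\x00" + bytes(32)))
```

The Ed25519 sample is rejected because the quoted RFC text lists only P-256 and RSA; the check says nothing about which keys any particular CT implementation accepts.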