Elliptic curve certificates (ECDSA)?

[konklone]

Any chance of SSLMate supporting elliptic curve certificates? I believe Comodo PositiveSSL supports ECDSA/ECC certs.

BTW, I just moved isitchristmas.com over to SSLMate. Thanks for making it so easy!

[paulschreiber]

CC @dstebila.

[AGWA]

Elliptic curve support is in the works! I recently added ECDSA support to the SSLMate backend and got a PositiveSSL ECDSA cert issued, signed by an ECDSA intermediate. Stay tuned...

[AGWA]

The apiv2 branch contains support for ECDSA certs. Just put the following in your SSLMate config file:

key_type ecdsa

and sslmate buy and sslmate reissue will generate ECDSA keys. The curve, if you're curious, is prime256v1 (P-256).

I'm interested in hearing your thoughts on how the RSA vs ECDSA choice should be exposed to users. My philosophy with SSLMate is to keep things simple by picking the best parameters and not presenting users with too many options, especially crypto-related ones (which is why there is no documented way to use RSA key sizes besides 2048 bits). But this choice may involve a tradeoff that only users can make, namely a faster handshake with ECDSA, or compatibility with older clients (according to https://www.ssllabs.com/ssltest/clients.html, these clients are Android 2.3.7, BingPreview, IE 8 / XP, Java 6u45, and OpenSSL 0.9.8y).

[tollmanz]

My philosophy with SSLMate is to keep things simple by picking the best parameters and not presenting users with too many options, especially crypto-related ones (which is why there is no documented way to use RSA key sizes besides 2048 bits).

I think this is so important and absolutely should not be compromised. Sane defaults like these go a long ways toward helping well-meaning individual implement proper SSL/TLS deployments.

I think that ECDSA should be an advanced opt-in. Perhaps you could document this on your site in some "advanced" section.

[konklone]

Agree entirely about defaulting to universally usable parameters. I wasn't expecting ECDSA to be selected by default.

A CLI flag (--key-type?) that opts in for ECDSA, for those who care about it, seems sound. When the day comes that ECDSA is a safe default, the way that e.g. disabling SSLv3 is now, it can always be promoted to the default.

[AGWA]

Thanks for chiming in, @tollmanz and @konklone. I agree with your points. I'm going with a command line flag, documented but not in-your-face.

[konklone]

It looks like this has been done, now that apiv2 got merged in:

Thank you, @AGWA! This will be great to dovetail with any sites I/we run which are comfortable dropping Windows XP support.