dansarie
commented
2 weeks ago There seems to be consensus that a change of signature algorithm will be done in the form of a new version of the protocol, and thus be indicated by the VER tag. I think we can close this issue.
[Hayden] The I-D mandates the use of Ed25519 due to the signature size and efficiency in computation of the signature. Roughtime server operators may have other requirements on key usage however, and may prefer to use different signature schemes. I would propose making the signature algorithm configurable by the server. This will also be beneficial when considering post-quantum, as we can simply update the list of recommended algorithms.