search

briansmith / ring

Safe, fast, small crypto using Rust
Other
3.77k stars 707 forks source link

X448 / Ed448 / Ed25519 support #462

Closed Darkspirit closed 7 years ago

Darkspirit commented 7 years ago

Quote from ctz/rustls/issues/52

X448 is a perfect replacement for secp521r1 to gain "level 8" security here: https://www.keylength.com/en/3/

Ed25519 and Ed448 are needed for DNSSEC resolvers and servers anyway: RFC8080: Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC And when those dns replies get stapled into the tls handshake, Firefox (and other tls clients) should be able to handle both.

btls has both, but no TLS 1.3. Maybe this would be something for ring, @briansmith. (You convinced me that P-521 has no future.)

briansmith commented 7 years ago

@TerraX-net we already have Ed25519 and X25519. Please file a separate issue for X448 and/or a separate issue for Ed448 if you want those to be added.