briansmith / ring

Safe, fast, small crypto using Rust

Ed448 support #463

Open Darkspirit opened 7 years ago

Darkspirit commented 7 years ago

from https://github.com/briansmith/ring/issues/462 for https://github.com/ctz/rustls/issues/52

Please file a separate issue for X448 and/or a separate issue for Ed448 if you want those to be added.

Ed25519 and Ed448 are needed for DNSSEC resolvers and servers anyway: RFC8080: Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC. And when those DNS replies get stapled into the TLS handshake, Firefox (and other TLS clients) should be able to handle both.

btls has both, but no TLS 1.3. Maybe this would be something for ring, briansmith. (You convinced me that P-521 has no future.)

briansmith commented 7 years ago

Which version of Ed448 do you want? The one used in Signal/Axolotl/noise, as documented in https://whispersystems.org/docs/specifications/xeddsa/, is different than the IETF version, IIUC.

Darkspirit commented 7 years ago

I would think ring's current Ed25519 is the IETF one and therefore could be used for RFC8080 (EdDSA for DNSSEC) and maybe sometime for EdDSA certificates? I didn't think about "XEdDSA", never heard about it before.