ExE-Boss
commented
5 years ago This should be given the Secure (Uncommon) treatment instead, since Ed25519 is a secure algorithm, which also has additional protections against side channel and broken RNG attacks.
I have no idea how feasible this would be, but would it be possible and worthwhile to add a subdomain with an ed25519 certificate? Since this is not a supported curve, this would be an expected failure, and this would change in the future if use of this curve is standardized.
I gather that OpenSSL
ecparamsandecsubcommands don't support ed25519, so it seems like it might be quite difficult to obtain/generate such a certificate. It seems worth entering an issue anyway, even if just to get feedback like "we'd love to, but not feasible at the moment for reasons X, Y, Z, ..."