[dns-operations] EdDSA status ?
Viktor Dukhovni
ietf-dane at dukhovni.org
Fri Jun 1 16:52:33 UTC 2018
> On Jun 1, 2018, at 12:30 PM, Peter Koch <pk at denic.de> wrote:
>
>> Just so I can understand: why is anyone even interested in using EdDSA
>> instead of ECDSA in DNSSEC unless you are doing online (live) signing?
>
> all other parameters equal, EdDSA produces consistent signatures.

Good point. Would it help for OpenSSL to expose an ECDSA-signature
interface that supports https://tools.ietf.org/html/rfc6979?
This might then get used in DNS signing implementations?

Anyone care to contribute a pull request that addresses:

https://github.com/openssl/openssl/issues/2078

The fault attacks mentioned in the issue are, I think, out of
scope for offline DNS signing, and seem rather remote also
for online signing.

--
Viktor.
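
Added example (not part of the original message, and not OpenSSL code): the RFC 6979 section 3.2 nonce derivation for P-256 with SHA-256, showing why deterministic ECDSA gives the same "consistent signatures" property as EdDSA, since the per-signature nonce k depends only on the private key and the message. The function names are chosen for this sketch; the key and expected nonce are the published test vector from RFC 6979 Appendix A.2.5, and only the nonce step is shown, not the full signature.

```python
import hashlib
import hmac

# Order q of the NIST P-256 base point (public curve parameter).
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
QLEN = Q.bit_length()      # 256 bits
RLEN = (QLEN + 7) // 8     # 32 octets

# Test private key from RFC 6979 Appendix A.2.5 (public test vector, not a real key).
TEST_KEY = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


def bits2int(b: bytes) -> int:
    """Interpret b as a big-endian integer, keeping only the leftmost QLEN bits."""
    v = int.from_bytes(b, "big")
    excess = len(b) * 8 - QLEN
    return v >> excess if excess > 0 else v


def bits2octets(b: bytes) -> bytes:
    """Reduce the hash value modulo q and encode it on RLEN octets."""
    return (bits2int(b) % Q).to_bytes(RLEN, "big")


def rfc6979_nonce(x: int, message: bytes, hashfn=hashlib.sha256) -> int:
    """Derive the ECDSA nonce k from private key x and message (RFC 6979, 3.2)."""
    def mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashfn).digest()

    h1 = hashfn(message).digest()
    seed = x.to_bytes(RLEN, "big") + bits2octets(h1)
    V, K = b"\x01" * len(h1), b"\x00" * len(h1)      # steps b, c
    K = mac(K, V + b"\x00" + seed); V = mac(K, V)    # steps d, e
    K = mac(K, V + b"\x01" + seed); V = mac(K, V)    # steps f, g
    while True:                                      # step h
        T = b""
        while len(T) < RLEN:
            V = mac(K, V)
            T += V
        k = bits2int(T)
        if 1 <= k < Q:
            return k
        K = mac(K, V + b"\x00"); V = mac(K, V)       # candidate out of range: retry


if __name__ == "__main__":
    # Re-signing the same data always derives the same k, so (r, s) repeats too.
    print(hex(rfc6979_nonce(TEST_KEY, b"sample")))
```

With a randomly drawn k, re-signing an unchanged RRset produces a different signature each time; with this derivation the signature is byte-for-byte reproducible.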