[dns-operations] EdDSA status ?
Paul Hoffman
phoffman at proper.com
Fri Jun 1 18:16:14 UTC 2018
On 1 Jun 2018, at 10:38, Viktor Dukhovni wrote:
>> On Jun 1, 2018, at 1:27 PM, Paul Hoffman <phoffman at proper.com> wrote:
>>
>> What does "consistent" mean here? All ECDSA signatures are the same
>> length and have the same parameters.
>
> Typically, ECDSA is not deterministic, it uses a random nonce. Using
> the same nonce for two different messages compromises the key.
> Deriving the nonce from the message in a collision-resistant manner
> can yield deterministic ECDSA signatures:
>
> https://tools.ietf.org/html/rfc6979?
OK, this makes sense. I figured everyone would just use deterministic
ECDSA, but I can imagine cases where the underlying library doesn't
support it.
--Paul Hoffman
More information about the dns-operations
mailing list