EdDSA in FAPI 2.0

Issue #492 resolved

Filip Skokan created an issue 2022-04-07

There are currently two JWS algorithms allowed in FAPI 2.0.

It would be beneficial if there was an algorithm allowed, that strikes a better balance between sign and verify throughput.

I am of course talking about EdDSA (using Curve25519), how does the WG feel about extending the list of allowed FAPI 2.0 JWS Algorithms with it?

Comments (7)

Filip Skokan reporter
- edited description
- 2022-04-07T17:58:06+00:00
Filip Skokan reporter
See PR #327
- 2022-04-13T10:00:13+00:00
Filip Skokan reporter
Further to consider: Shall we keep ES256, or replace it in favour of Curve25519 EdDSA given the often referred to https://safecurves.cr.yp.to

‌
- 2022-04-13T10:10:18+00:00
Joseph Heenan
I’m kind of in favour of removing ES256, just in terms of reducing optionality. However I think there are a few people using ES256 (albeit if I remember correctly none of the major ecosystems) so removing ES256 would make it more difficult for some people to migrate from FAPI1 to FAPI2.

‌
- 2022-04-13T15:04:31+00:00
Filip Skokan reporter
I’m kind of in favour of removing ES256, just in terms of reducing optionality. However I think there are a few people using ES256 (albeit if I remember correctly none of the major ecosystems) so removing ES256 would make it more difficult for some people to migrate from FAPI1 to FAPI2.

Unless someone speaks up against keeping P-256 I think there’s value in all three, as noted - one for each occasion.
- 2022-04-13T17:36:10+00:00
Dave Tonge
- changed status to resolved
PR merged
- 2022-05-05T07:08:41+00:00
Nat Sakimura
- changed component to FAPI2: Security Profile
- 2022-12-14T15:35:25+00:00
Log in to comment