EdDSA in FAPI 2.0
There are currently two JWS algorithms allowed in FAPI 2.0.
- PS256, which excels in its verification throughput, but not so much signing
- ES256, which excels at its signing throughput, but not so much verification
It would be beneficial if there was an algorithm allowed that strikes a better balance between sign and verify throughput.
I am of course talking about EdDSA (using Curve25519). How does the WG feel about extending the list of allowed FAPI 2.0 JWS Algorithms with it?
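One way to measure the sign/verify trade-off described above on your own hardware, as an added example that is not part of the original issue. It uses Node.js's built-in crypto module; the 2048-bit RSA key size, the sample signing input and the function names are assumptions.

```javascript
const crypto = require('node:crypto');

// Key generation and sign/verify options per JWS algorithm (RFC 7518, RFC 8037).
const ALGS = {
  PS256: {
    keys: () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }), // key size assumed
    digest: 'sha256',
    opts: { padding: crypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: 32 },
  },
  ES256: {
    keys: () => crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' }),
    digest: 'sha256',
    opts: { dsaEncoding: 'ieee-p1363' }, // JWS carries raw r||s, not DER
  },
  EdDSA: {
    keys: () => crypto.generateKeyPairSync('ed25519'),
    digest: null, // Ed25519 hashes the message internally
    opts: {},
  },
};

// Constructed sample standing in for a JWS signing input ("header.payload").
const SAMPLE = Buffer.from('constructed-header.constructed-payload');

// Generate a fresh key pair, sign once, verify once.
function signAndVerify(alg, input) {
  const { keys, digest, opts } = ALGS[alg];
  const { privateKey, publicKey } = keys();
  const sig = crypto.sign(digest, input, { key: privateKey, ...opts });
  const ok = crypto.verify(digest, input, { key: publicKey, ...opts }, sig);
  return { privateKey, publicKey, sig, ok };
}

// Count how many times fn completes within a fixed wall-clock window.
function opsPerSecond(fn, ms = 200) {
  const end = process.hrtime.bigint() + BigInt(ms) * 1000000n;
  let n = 0;
  while (process.hrtime.bigint() < end) { fn(); n++; }
  return Math.round((n * 1000) / ms);
}

function benchmark(alg, input) {
  const { digest, opts } = ALGS[alg];
  const { privateKey, publicKey, sig } = signAndVerify(alg, input);
  const sign = () => crypto.sign(digest, input, { key: privateKey, ...opts });
  const verify = () => crypto.verify(digest, input, { key: publicKey, ...opts }, sig);
  return { alg, sigBytes: sig.length, signPerSec: opsPerSecond(sign), verifyPerSec: opsPerSecond(verify) };
}

console.table(Object.keys(ALGS).map((alg) => benchmark(alg, SAMPLE)));
```

Absolute numbers depend on the CPU and the OpenSSL build behind Node.js, so compare the ratios between rows rather than the raw figures.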
Comments (7)
reporter See PR #327
-
reporter Further to consider: Shall we keep ES256, or replace it in favour of Curve25519 EdDSA given the often referred to https://safecurves.cr.yp.to?
-
I’m kind of in favour of removing ES256, just in terms of reducing optionality. However I think there are a few people using ES256 (albeit if I remember correctly none of the major ecosystems) so removing ES256 would make it more difficult for some people to migrate from FAPI1 to FAPI2.
-
reporter
> I’m kind of in favour of removing ES256, just in terms of reducing optionality. However I think there are a few people using ES256 (albeit if I remember correctly none of the major ecosystems) so removing ES256 would make it more difficult for some people to migrate from FAPI1 to FAPI2.

Unless someone speaks up against keeping P-256 I think there’s value in all three, as noted - one for each occasion.
-
- changed status to resolved
PR merged
-
- changed component to FAPI2: Security Profile