Sorry, the doc you linked is still a draft. We won't be issuing EdDSA certificates until they're fully standardized and we do a review of dependencies and the relevant documents that govern issuance.
https://tools.ietf.org/html/rfc8410 :tada:
Please reopen ;)
@jsha ping?
I asked the same question somewhere else and the answer I received back was "CA/B Forum does not allow EdDSA as part of the Baseline Requirements yet". Unfortunately, I don't know where to find updated information on when EdDSA will be in the BR.
@jrchamp I found https://community.letsencrypt.org/t/support-ed25519-and-ed448/69868 about it.
I found https://community.letsencrypt.org/t/support-ed25519-and-ed448/69868
From that post at the bottom of the thread (authoritative necro by moderator just last Tuesday), we're allegedly just waiting on
for LE to be able to sign certs based on the new curve, right?
@JamesTheAwesomeDude the last part of the message is a blocking point too:
Note that we won鈥檛 be able to generate Ed25519 intermediate certificates until / unless our HSM vendor releases firmware supporting them.
lack of an intermediate doesn't block supporting end entity certificates, as the current status of ECDSA shows.
Please consolidate the conversation over on the forum. Thanks!
Most helpful comment
https://tools.ietf.org/html/rfc8410 :tada:
Please reopen ;)