| > Last I tried, even let's encrypt won't grant an ed25519 cert despite it being in tls 1.3 (2018?). Talk to the CA/Browser Forum. ยง6.1.5 Keys Sizes: > For RSA key pairs the CA SHALL: > * Ensure that the modulus size, when encoded, is at least 2048 bits, and; > * Ensure that the modulus size, in bits, is evenly divisible by 8. > For ECDSA key pairs, the CA SHALL: > * Ensure that the key represents a valid point on the NIST P-256, NIST P-384 or NIST P-521 elliptic curve. > No other algorithms or key sizes are permitted. * https://cabforum.org/uploads/CA-Browser-Forum-TLS-BRs-v2.0.2... * https://cabforum.org/working-groups/server/baseline-requirem... Ed25519 (and Ed448) was only 'recently' approved by NIST FIPS 186-5 in February 2023. |