[tor-dev] [draft] Proposal 220: Migrate server identity keys to Ed25519

Maxim Kammerer mk at dee.su
Tue Aug 13 20:25:13 UTC 2013

On Tue, Aug 13, 2013 at 4:13 AM, Nick Mathewson <nickm at torproject.org>wrote:

>    Ed25519 (specifically, Ed25519-SHA-512 as described and specified at
>    http://ed25519.cr.yp.to/) is a desirable choice here: it's secure,
>    fast, has small keys and small signatures, is bulletproof in several
>    important ways, and supports fast batch verification. (It isn't quite
>    as fast as RSA1024 when it comes to public key operations, since RSA
>    gets to take advantage of small exponents when generating public
>    keys.)

At the risk of invoking something that was already discussed to death (and
I was not aware): why not go with something established like P-521 that
would apparently be a drop-in replacement with OpenSSL? Are the benefits
really worth it?

Maxim Kammerer
Liberté Linux: http://dee.su/liberte
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20130813/991ab7f2/attachment.html>

More information about the tor-dev mailing list