On Thu Jul 9, 2020 at 6:29 PM CEST, Petite Abeille wrote: > > > > On Jun 26, 2020, at 15:56, solderpunk <solderpunk at SDF.ORG> wrote: > > > > cozylabs.eu achieves this feat with a single self-signed ED25519 > > certificate. > > What is the consensus on those self-signed ED25519 certificates? Good? > Bad? Ugly? My opinion is that they are very nice certs indeed and it would be lovely if we could all use them for everything, but we're probably a few years away from a point where a server admin can be confident that, say, 95% or more of potential visitors will be on systems where this will "just work". In the interim, ECDSA certificates using the NIST curves (yes, the ones everybody is suspicious of) are probably the best possible trade-off between small size and good support. I've finally started work on my little super-simple certificate generator. By default it uses ECDSA with the P256 curve. You can feed it an option to use ED25519 instead. That's it, there is no support for RSA. Cheers, Solderpunk
---
Previous in thread (30 of 31): 🗣️ colecmac (a) protonmail.com (colecmac (a) protonmail.com)